Abstract

In this paper we suggest an architecture for a software agent which operates a physical device and is capable of making observations and of testing and repairing the device's components. We present simplified definitions of the notions of symptom, candidate diagnosis, and diagnosis which are based on the theory of action language AL. The definitions allow one to give a simple account of the agent's behavior in which many of the agent's tasks are reduced to computing stable models of logic programs.
1 Introduction

In this paper we continue the investigation of the applicability of A-Prolog (a loosely defined collection of logic programming languages under the answer set (stable model) semantics (Gelfond and Lifschitz, 1988; Gelfond and Lifschitz, 1991)) to knowledge representation and reasoning. The focus is on the development of an architecture for a software agent acting in a changing environment. We assume that the agent and the environment (sometimes referred to as a dynamic system) satisfy the following simplifying conditions.

1. The agent's environment can be viewed as a transition diagram whose states 
are sets of fluents (relevant properties of the domain whose truth values may 
depend on time) and whose arcs are labeled by actions. 

2. The agent is capable of making correct observations, performing actions, and 
remembering the domain history. 

3. Normally the agent is capable of observing all relevant exogenous events occurring in its environment.

* This work was supported in part by United Space Alliance under Research Grant 26-3502-21 and Contract COC671311, and by NASA under Contracts 1314-44-1476 and 1314-44-1769. An extended version of this paper is available from http://www.krlab.cs.ttu.edu.

Fig. 1. AC

These assumptions hold in many realistic domains and are suitable for a broad class of applications. In many domains, however, the effects of actions and the truth values of observations can only be known with a substantial degree of uncertainty which cannot be ignored in the modeling process. It remains to be seen if some of our methods can be made to work in such situations. The above assumptions determine the structure of the agent's knowledge base. It consists of three parts. The first part, called an action (or system) description, specifies the transition diagram representing possible trajectories of the system. It contains descriptions of the domain's actions and fluents, together with the definition of the possible successor states to which the system can move after an action a is executed in a state σ. The second part of the agent's knowledge, called a recorded history, contains observations made by the agent together with a record of its own actions. It defines a collection of paths in the diagram which, from the standpoint of the agent, can be interpreted as the system's possible pasts. If the agent's knowledge is complete (e.g., it has complete information about the initial state and the occurrences of actions, and the system's actions are deterministic) then there is only one such path. The third part of the agent's knowledge base contains a collection of the agent's goals. All this knowledge is used and updated by the agent, who repeatedly executes the following steps (the observe-think-act loop (Kowalski and Sadri, 1999; Baral and Gelfond, 2000)):

1. observe the world and interpret the observations; 

2. select a goal; 

3. plan; 

4. execute part of the plan. 

In this paper we concentrate on agents operating physical devices and capable of testing and repairing the device components. We are especially interested in the first step of the loop, i.e. in the agent's interpretation of discrepancies between the agent's expectations and the system's actual behavior. The following example will be used throughout the paper:

Example 1.1

Consider a system S consisting of an agent operating an analog circuit AC from figure 1. We assume that switches s1 and s2 are mechanical components which cannot become damaged. Relay r is a magnetic coil. If not damaged, it is activated when s1 is closed, causing s2 to close. Undamaged bulb b emits light if s2 is closed. For simplicity of presentation we consider the agent capable of performing only one action, close(s1). The environment can be represented by two damaging exogenous¹ actions: brk, which causes b to become faulty, and srg (power surge), which damages r and also b assuming that b is not protected. Suppose that the agent operating this device is given a goal of lighting the bulb. He realizes that this can be achieved by closing the first switch, performs the operation, and discovers that the bulb is not lit. The goal of the paper is to develop methods for modeling the agent's behavior after this discovery.

We start with presenting a mathematical model of an agent and its environment based on the theory of action languages (Gelfond and Lifschitz, 1998). Even though our approach is applicable to a large collection of action languages, to simplify the discussion we will limit our attention to action language AL from (Baral and Gelfond, 2000). We proceed by presenting definitions of the notions of symptom, candidate diagnosis, and diagnosis which somewhat differ from those we were able to find in the literature. These definitions are used to give a simple account of the agent's behavior including diagnostics, testing, and repair. We also suggest algorithms for performing these tasks, which are based on encoding the agent's knowledge in A-Prolog and reducing the agent's tasks to computing stable models (answer sets) of logic programs.

In this paper we assume that at any moment of time the agent is capable of testing 
whether a given component is functioning properly. Modification of the algorithms 
in the situation when this assumption is lifted is the subject of further research. 

There is a large literature on automating various types of diagnostic tasks and the authors were greatly influenced by it. We mention only several papers which served as a starting point for our investigation. Of course we are indebted to R. Reiter (Reiter, 1987), whose paper seems to contain the first clear logical account of the diagnostic problem. We were also influenced by early papers of D. Poole and K. Eshghi who related diagnostics and logic programming, seriously discussed the relationship between diagnostics and knowledge representation, and thought about the ways to combine descriptions of normal behaviour of the system with information about its faults. More recently M. Thielscher, S. McIlraith, C. Baral, T. Son, and R. Otero recognized that diagnostic problem solving involves reasoning about the evolution of dynamic systems, related diagnostic reasoning with reasoning about action, change, and causation, and told the story of diagnostics which included testing and repair.

In our paper we generalize and modify this work in several directions. 

• We considered a simple and powerful language AL for describing the agent's knowledge. Unlike some of the previous languages used for this purpose, AL allows concurrent actions and consecutive time-steps, and makes the distinction between observations and the derived (possibly defeasible) knowledge. The semantics of the language allows one to explain malfunctioning of the system by some past occurrences of exogenous (normally breaking) actions which remain unobserved by the agent.

• We simplified the basic definitions such as symptom, candidate diagnosis, and diagnosis.

• We established the relationship between AL and logic programming and used this relationship to reduce various diagnostic tasks to computing stable models of logic programs.

• Finally we proved the correctness of the corresponding diagnostic algorithms.

¹ By exogenous actions we mean actions performed by the agent's environment. This includes natural events as well as actions performed by other agents.

The paper is organized as follows: in Section 2 we introduce a motivating example. Section 3 introduces basic definitions used throughout the paper. In Sections 4 and 5 we show how techniques of answer set programming can be applied to the computation of candidate diagnoses and of diagnoses. In Section 6 we investigate the issues related to the introduction of the ability to repair damaged components. Section 7 discusses related work. In Section 8 we conclude the paper and describe how our work can be extended. The remaining sections contain the description of the syntax and semantics of A-Prolog and AL, as well as the proofs of the main theorems stated in this paper.

2 Modeling the domain 

We start with some formal definitions describing a diagnostic domain consisting of an agent controlling a physical device. We limit ourselves to non-intrusive and observable domains in which the agent's environment does not normally interfere with his work and the agent normally observes all occurrences of exogenous actions in the domain. The agent is, however, aware of the fact that these assumptions can be contradicted by observations. As a result the agent is ready to observe and to take into account occasional occurrences of exogenous 'breaking' actions. Moreover, discrepancies between expectations and observations may force him to conclude that some exogenous actions in the past remained unobserved. This view of the relationship between the agent and his environment determined our choice of the action language used for describing the agent's domain and, to a large extent, is responsible for substantial differences between our approach and that of (Baral, McIlraith, and Son, 2000).

By a domain signature we mean a triple Σ = (C, F, A) of disjoint finite sets. Elements of C will be called device components and are used to name various parts of the device. Elements of F are referred to as fluents and are used to denote dynamic properties of the domain². By fluent literals we mean fluents and their negations (denoted by ¬f). We also assume the existence of a set F_O ⊆ F which, intuitively, corresponds to the class of fluents which can be directly observed by the agent. The set of literals formed from a set X ⊆ F of fluents will be denoted by lit(X). A set Y ⊆ lit(F) is called complete if for any f ∈ F, f ∈ Y or ¬f ∈ Y; Y is called consistent if there is no f such that f, ¬f ∈ Y. We assume that for every component c the set F_O contains a fluent ab(c) which says that the device's component c is faulty. The use of ab in diagnosis goes back to (Reiter, 1987). The set A of elementary actions is partitioned into two disjoint sets, A_a and A_e; A_a consists of actions performed by the agent and A_e consists of exogenous actions. (Occurrences of unobserved exogenous actions will be viewed as possible causes of the system's malfunctioning.)

² Our definitions could be easily generalized to domains with non-boolean fluents. However, the restriction to boolean fluents will simplify the presentation.

By a transition diagram over signature Σ we mean a directed graph T such that:

(a) the states of T are labeled by complete and consistent sets of fluent literals (corresponding to possible physical states of the domain);

(b) the arcs of T are labeled by subsets of A called compound actions. (Intuitively, execution of a compound action {a1, ..., ak} corresponds to the simultaneous execution of its components.)

Paths of a transition diagram correspond to possible trajectories of the domain. A particular trajectory, W, called the actual trajectory, corresponds to the actual behavior of the domain. In our observe-think-act loop the agent's connection with reality is modeled by a function observe(n, f) which takes a natural number n and a fluent f ∈ F_O as parameters and returns f if f belongs to the n'th state of W and ¬f otherwise.

Definition 2.1

By a diagnostic domain we mean a triple (Σ, T, W) where Σ is a domain signature, T is a transition diagram over Σ, and W is the domain's actual trajectory.

To design an intelligent agent associated with a diagnostic domain S = (Σ, T, W) we need to supply the agent with the knowledge of Σ, T, and the recorded history of S up to a current point n. Elements of Σ can normally be defined by a simple logic program. Finding a concise and convenient way to define the transition diagram of the domain is somewhat more difficult. We start by limiting our attention to transition diagrams defined by action descriptions of action language AL from (Baral and Gelfond, 2000). The accurate description of the language can be found in the section on the syntax and semantics of AL at the end of the paper. A typical action description SD of AL consists of a collection of causal laws determining the effects of the domain's actions, the actions' executability conditions, and the state constraints, i.e. statements describing dependencies between fluents. (We often refer to statements of SD as laws.) Causal laws of SD can be divided into two parts. The first part, SD_n, contains laws describing the normal behavior of the system. Their bodies usually contain special fluent literals of the form ¬ab(c). The second part, SD_b, describes the effects of exogenous actions damaging the components. Such laws normally contain the relation ab in the head or in the positive parts of the bodies. (To simplify our further discussion we only consider exogenous actions capable of causing malfunctioning of the system's components. The restriction is however inessential and can easily be lifted.)

By the recorded history Γ_n of S up to a current moment n we mean a collection of observations, i.e. statements of the form:

1. obs(l, t) - 'fluent literal l was observed to be true at moment t';

2. hpd(a, t) - 'elementary action a ∈ A was observed to happen at moment t'

where t is an integer from the interval [0, n). Notice that, intuitively, the recorded history hpd(a1, 1), hpd(a2, 1) says that an 'empty' action, {}, occurred at moment 0 and actions a1 and a2 occurred concurrently at moment 1.

An agent's knowledge about the domain up to moment n consists of an action description of AL and the domain's recorded history. The resulting theory will often be referred to as a domain description of AL.

Definition 2.2

Let S be a diagnostic domain with transition diagram T and actual trajectory W = ⟨σ_0^a, a_0^a, σ_1^a, ..., a_{n-1}^a, σ_n^a⟩, and let Γ_n be a recorded history of S up to moment n.

(a) A path ⟨σ_0, a_0, σ_1, ..., a_{n-1}, σ_n⟩ in T is a model of Γ_n (with respect to S) if for any 0 ≤ t < n

1. a_t = {a : hpd(a, t) ∈ Γ_n};

2. if obs(l, t) ∈ Γ_n then l ∈ σ_t.

(b) Γ_n is consistent (with respect to S) if it has a model.

(c) Γ_n is sound (with respect to S) if, for any l, a, and t, if obs(l, t), hpd(a, t) ∈ Γ_n then l ∈ σ_t^a and a ∈ a_t^a.

(d) A fluent literal l holds in a model M of Γ_n at time t ≤ n (M ⊨ h(l, t)) if l ∈ σ_t; Γ_n entails h(l, t) (Γ_n ⊨ h(l, t)) if, for every model M of Γ_n, M ⊨ h(l, t).

Notice that, in contrast to the definitions from (Baral, McIlraith, and Son, 2000) based on the action description language L from (Baral, Gelfond, and Provetti, 1994), a recorded history in AL is consistent only if changes in the observations of the system's states can be explained without assuming occurrences of any action not recorded in Γ_n. Notice also that a recorded history may be consistent, i.e. compatible with T, but not sound, i.e. incompatible with the actual trajectory of the domain.

The following is a description, SD, of system S from Example 1.1.

Fluents:

    fluent(active(r)).
    fluent(on(b)).
    fluent(prot(b)).
    fluent(closed(SW)) ← switch(SW).
    fluent(ab(X)) ← comp(X).




Causal Laws and Executability Conditions describing normal functioning of S:

SD_n:

    causes(close(s1), closed(s1), []).
    caused(active(r), [closed(s1), ¬ab(r)]).
    caused(closed(s2), [active(r)]).
    caused(on(b), [closed(s2), ¬ab(b)]).
    caused(¬on(b), [¬closed(s2)]).
    impossible_if(close(s1), [closed(s1)]).

(causes(A, L, P) says that execution of elementary action A in a state satisfying the fluent literals from P causes fluent literal L to become true in the resulting state; caused(L, P) means that every state satisfying P must also satisfy L; impossible_if(A, P) indicates that action A is not executable in states satisfying P.) The system's malfunctioning information from Example 1.1 is given by:



SD_b:

    causes(brk, ab(b), []).
    causes(srg, ab(r), []).
    causes(srg, ab(b), [¬prot(b)]).
    caused(¬on(b), [ab(b)]).
    caused(¬active(r), [ab(r)]).

Now consider a history, Γ_1, of S:

Γ_1:

    hpd(close(s1), 0).     obs(¬ab(b), 0).
    obs(¬closed(s1), 0).   obs(¬ab(r), 0).
    obs(¬closed(s2), 0).   obs(prot(b), 0).

Γ_1 says that, initially, the agent observed that s1 and s2 were open, both the bulb, b, and the relay, r, were not damaged, and the bulb was protected from surges. Γ_1 also contains the observation that action close(s1) occurred at time 0.

Let σ_0 be the initial state, and σ_1 be the successor state reached by performing action close(s1) in state σ_0. It is easy to see that the path ⟨σ_0, close(s1), σ_1⟩ is the only model of Γ_1 and that Γ_1 ⊨ h(on(b), 1).



3 Basic definitions

Let S be a diagnostic domain with transition diagram T and actual trajectory W = ⟨σ_0^a, a_0^a, σ_1^a, ..., a_{n-1}^a, σ_n^a⟩. A pair, (Γ_n, O_n^m), where Γ_n is the recorded history of S up to moment n and O_n^m is a collection of observations made by the agent between times n and m, will be called a configuration. We say that a configuration

$$S = (\Gamma_n, O_n^m) \tag{1}$$

is a symptom of the system's malfunctioning if Γ_n is consistent (w.r.t. S) and Γ_n ∪ O_n^m is not. Our definition of a candidate diagnosis of a symptom is based on the notion of explanation from (Baral and Gelfond, 2000). According to that terminology, an explanation, E, of symptom (1) is a collection of statements

$$E = \{hpd(a_i, t) : 0 \le t < n \text{ and } a_i \in A_e\} \tag{2}$$

such that Γ_n ∪ O_n^m ∪ E is consistent.
Definition 3.1

A candidate diagnosis D of symptom (1) consists of an explanation E(D) of (1) together with the set Δ(D) of components of S which could possibly be damaged by actions from E(D). More precisely, Δ(D) = {c : M ⊨ h(ab(c), m)} for some model M of Γ_n ∪ O_n^m ∪ E(D).

Definition 3.2

We say that D is a diagnosis of a symptom S = (Γ_n, O_n^m) if D is a candidate diagnosis of S in which all components in Δ(D) are faulty, i.e., for any c ∈ Δ(D), ab(c) ∈ σ_m^a.

4 Computing candidate diagnoses

In this section we show how the need for diagnosis can be determined and candidate diagnoses found by the techniques of answer set programming (Marek and Truszczynski, 1999). The proofs of the theorems presented here can be found in the section containing the proofs at the end of the paper.

From now on, we assume that we are given a diagnostic domain S = (Σ, T, W). SD will denote an action description defining T.

Consider a system description SD of S whose behavior up to the moment n from some interval [0, N) is described by recorded history Γ_n. (We assume that N is sufficiently large for our application.) We start by describing an encoding of SD into programs of A-Prolog suitable for execution by SMODELS (Niemelä and Simons, 1997). Since SMODELS takes as input programs with finite Herbrand bases, references to lists should be eliminated from the laws of SD. To do that we expand the signature of SD by new terms, the names of the corresponding statements of SD, and consider a mapping α from action descriptions of AL into programs of A-Prolog, defined as follows:

1. α(causes(a, l_0, [l_1 ... l_m])) is the collection of atoms

    d_law(d), head(d, l_0), action(d, a),
    prec(d, 1, l_1), ..., prec(d, m, l_m), prec(d, m+1, nil).

Here and below d will refer to the name of the corresponding law. Statement prec(d, i, l_i), with 1 ≤ i ≤ m, says that l_i is the i'th precondition of the law d; prec(d, m+1, nil) indicates that the law has exactly m preconditions. This encoding of preconditions has a purely technical advantage. It will allow us to concisely express statements of the form 'All preconditions of a law d are satisfied at moment T'. (See rules (3-5) in the program Π below.)

2. α(caused(l_0, [l_1 ... l_m])) is the collection of atoms

    s_law(d), head(d, l_0),
    prec(d, 1, l_1), ..., prec(d, m, l_m), prec(d, m+1, nil).

3. α(impossible_if(a, [l_1 ... l_m])) is the constraint

    ← h(l_1, T), ..., h(l_m, T), o(a, T).

where o(a, t) stands for 'elementary action a occurred at time t'.
By α(SD) we denote the result of applying α to the laws of SD. Finally, for any history, Γ, of S

$$\alpha(SD, \Gamma) = \Pi \cup \alpha(SD) \cup \Gamma$$

where Π is defined as follows:

    1.  h(L, T') ← d_law(D), head(D, L), action(D, A), o(A, T), prec_h(D, T).
    2.  h(L, T) ← s_law(D), head(D, L), prec_h(D, T).
    3.  all_h(D, N, T) ← prec(D, N, nil).
    4.  all_h(D, N, T) ← prec(D, N, P), h(P, T), all_h(D, N', T).
    5.  prec_h(D, T) ← all_h(D, 1, T).
    6.  h(L, T') ← h(L, T), not h(L̄, T').
    7.  ← h(L, T), h(L̄, T).
    8.  o(A, T) ← hpd(A, T).
    9.  h(L, 0) ← obs(L, 0).
    10. ← obs(L, T), not h(L, T).

Here D, A, L are variables for the names of laws, actions, and fluent literals respectively, L̄ denotes the fluent literal complementary to L, T, T' denote consecutive time points, and N, N' are variables for consecutive integers. (To run this program under SMODELS we need to either define the above types or add the corresponding typing predicates to the bodies of some rules of Π. These details will be omitted to save space.) The relation o is used instead of hpd to distinguish between actions observed (hpd) and actions hypothesized (o).

Relation prec_h(d, t), defined by rule (5) of Π, says that all the preconditions of law d are satisfied at moment t. This relation is defined via an auxiliary relation all_h(d, i, t) (rules (3), (4)), which holds if the preconditions l_i, ..., l_m of d are satisfied at moment t. (Here l_1, ..., l_m stand for the ordering of the preconditions of d used by the mapping α.) Rules (1), (2) of Π describe the effects of the causal laws and constraints of SD. Rule (6) is the inertia axiom (McCarthy and Hayes, 1969), rule (7) rules out inconsistent states, rules (8) and (9) establish the relationship between observations and the basic relations of Π, and rule (10), called the reality check, guarantees that observations do not contradict the agent's expectations.

(One may be tempted to replace the ternary relation prec(D, N, P) by a simpler binary relation prec(D, P) and to define the relation prec_h by the rules:

    ¬prec_h(D, T) ← prec(D, P), ¬h(P, T).
    prec_h(D, T) ← not ¬prec_h(D, T).

It is important to notice that this definition is incorrect since the latter rule is defeasible and may therefore conflict with the inertia axiom.)

The following terminology will be useful for describing the relationship between answer sets of α(SD, Γ_n) and models of Γ_n.

Definition 4.1

Let SD be an action description, and A be a set of literals over lit(α(SD, Γ_n)). We say that A defines the sequence

$$\langle \sigma_0, a_0, \sigma_1, \ldots, a_{n-1}, \sigma_n \rangle$$

if σ_k = {l | h(l, k) ∈ A} and a_k = {a | o(a, k) ∈ A}.

The following theorem establishes the relationship between the theory of actions in AL and logic programming.

Theorem 1

If the initial situation of Γ_n is complete, i.e. for any fluent f of SD, Γ_n contains obs(f, 0) or obs(¬f, 0), then M is a model of Γ_n iff M is defined by some answer set of α(SD, Γ_n).

(The theorem is similar to the result from (Turner, 1997) which deals with a different language and uses the definitions from (McCain and Turner, 1995).) Now let S be a configuration of the form (1), and let

$$Conf(S) = \alpha(SD, \Gamma_n) \cup O_n^m \cup R \tag{3}$$

where R consists of the rules

    h(f, 0) ← not h(¬f, 0).
    h(¬f, 0) ← not h(f, 0).

for any fluent f ∈ F. The rules of R are sometimes called the awareness axioms. They guarantee that initially the agent considers all possible values of the domain fluents. (If the agent's information about the initial state of the system is complete these axioms can be omitted.) The following corollary forms the basis for our diagnostic algorithms.

Corollary 1

Let S = (Γ_n, O_n^m) where Γ_n is consistent. Then configuration S is a symptom of the system's malfunctioning iff program Conf(S) has no answer set.

To diagnose the system, S, we construct a program, DM, defining an explanation space of our diagnostic agent, i.e. a collection of sequences of exogenous events which could happen (unobserved) in the system's past and serve as possible explanations of unexpected observations. We call such programs diagnostic modules for S. The simplest diagnostic module, DM_0, is defined by the rules (where x_act(A) holds iff A is an exogenous action):

DM_0:

    o(A, T) ← 0 ≤ T < n, x_act(A), not ¬o(A, T).
    ¬o(A, T) ← 0 ≤ T < n, x_act(A), not o(A, T).

or, in the more compact choice rule notation of SMODELS (Simons, 1999):

    {o(A, T) : x_act(A)} ← 0 ≤ T < n.

(Recall that a choice rule has the form

    m{p(X) : q(X)}n ← body

and says that, if the body is satisfied by an answer set AS of a program then AS must contain between m and n atoms of the form p(t) such that q(t) ∈ AS. For example, the program

    {p(X) : q(X)}.
    q(a).

has two answer sets: {q(a)}, and {p(a), q(a)}.)

Finding candidate diagnoses of symptom S can be reduced to finding answer sets of the diagnostic program

$$D_0(S) = Conf(S) \cup DM_0. \tag{4}$$

The link between answer sets and candidate diagnoses is described by the following definition.

Definition 4.2

Let SD be a system description, S = (Γ_n, O_n^m) be a symptom of the system's malfunctioning, X be a set of ground literals, and E and Δ be sets of ground atoms. We say that ⟨E, Δ⟩ is determined by X if

    E = {hpd(a, t) | o(a, t) ∈ X and a ∈ A_e}, and

    Δ = {c | h(ab(c), m) ∈ X}.

Theorem 2

Let (Σ, T, W) be a diagnostic domain, SD be a system description of T, S = (Γ_n, O_n^m) be a symptom of the system's malfunctioning, and E and Δ be sets of ground atoms. Then,

    ⟨E, Δ⟩ is a candidate diagnosis of S   iff   ⟨E, Δ⟩ is determined by an answer set of D_0(S).

The theorem justifies the following simple algorithm for computing a candidate diagnosis of a symptom S:

    function Candidate_Diag( S: symptom );
    Input: a symptom S = (Γ_n, O_n^m).
    Output: a candidate diagnosis of the symptom, or ⟨∅, ∅⟩ if no candidate
            diagnosis could be found.
    var E : history;
        Δ : set of components;

    if D_0(S) is consistent then
        select an answer set, X, of D_0(S);
        compute ⟨E, Δ⟩ determined by X;
        return(⟨E, Δ⟩);
    else
        E := ∅; Δ := ∅;
        return(⟨∅, ∅⟩).
    end

Given a symptom S, the algorithm constructs the program D_0(S) and passes it as input to SMODELS (Niemelä and Simons, 1997), DLV (Citrigno, Eiter, Faber, Gottlob, Koch, Leone, Mateis, Pfeifer, Scarcello, 1997), DeReS (Cholewinski, Marek, and Truszczynski, 1996), or some other answer set finder. If no answer set is found the algorithm returns ⟨∅, ∅⟩. Otherwise the algorithm returns a pair ⟨E, Δ⟩ extracted from some answer set X of the program. By Theorem 2 the pair is a candidate diagnosis of S. Notice that the set E extracted from an answer set X of D_0(S) cannot be empty and hence the answer returned by the function is unambiguous. (Indeed, using the Splitting Set Theorem (Lifschitz and Turner, 1994; Turner, 1996) we can show that the existence of an answer set of D_0(S) with empty E would lead to the existence of an answer set of Conf(S), which, by Corollary 1, contradicts S being a symptom.) The algorithm can be illustrated by the following example.

Example 4.1

Let us again consider system S from Example 1.1. According to Γ_1, initially the switches s1 and s2 are open, all circuit components are ok, s1 is closed by the agent, and b is protected. It is predicted that b will be on at 1. Suppose that, instead, the agent observes that at time 1 bulb b is off, i.e. O_1 = {obs(¬on(b), 1)}. Intuitively, this is viewed as a symptom S_0 = (Γ_1, O_1) of malfunctioning of S. By running SMODELS on Conf(S_0) we discover that this program has no answer sets and therefore, by Corollary 1, S_0 is indeed a symptom. Diagnoses of S_0 can be found by running SMODELS on D_0(S_0) and extracting the necessary information from the computed answer sets. It is easy to check that, as expected, there are three candidate diagnoses:

    D_1 = ({o(brk, 0)}, {b})
    D_2 = ({o(srg, 0)}, {r})
    D_3 = ({o(brk, 0), o(srg, 0)}, {b, r})

which corresponds to our intuition. Theorem 2 guarantees the correctness of this computation.
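The notions of Sections 2 and 3 (states of the transition diagram, models of a recorded history, symptom) and the candidate-diagnosis search of Example 4.1 can be reproduced without an answer set solver by enumerating states directly. The following Python program is an added example, not code from the paper: it encodes SD_n, SD_b and Γ_1 for the circuit of Example 1.1, computes the successor relation of AL by brute force over all complete consistent states, checks that (Γ_1, O_1) is a symptom, and enumerates every candidate diagnosis ⟨E, Δ⟩ by trying each set of unobserved exogenous occurrences before n, i.e. the explanation space of DM_0. The literal encoding (`"-f"` for ¬f) and the dictionary form of a history are conventions of this example only.

```python
# Added example (not from the paper): brute-force AL semantics for the circuit of
# Example 1.1, the models of a recorded history, the symptom test and the
# candidate-diagnosis search of Example 4.1, all without an answer set solver.
from itertools import combinations, product

FLUENTS = ["closed(s1)", "closed(s2)", "active(r)", "on(b)", "prot(b)", "ab(r)", "ab(b)"]
COMPONENTS = ["r", "b"]
EXOGENOUS = ["brk", "srg"]            # A_e; the only agent action (A_a) is close(s1)

def lit(s):
    """A fluent literal is (fluent, truth); the string '-f' denotes the negation of f."""
    return (s[1:], False) if s.startswith("-") else (s, True)

# SD_n and SD_b of the paper: causes(a, l, P), caused(l, P), impossible_if(a, P).
DYNAMIC = [("close(s1)", "closed(s1)", []),
           ("brk", "ab(b)", []),
           ("srg", "ab(r)", []),
           ("srg", "ab(b)", ["-prot(b)"])]
STATIC = [("active(r)", ["closed(s1)", "-ab(r)"]),
          ("closed(s2)", ["active(r)"]),
          ("on(b)", ["closed(s2)", "-ab(b)"]),
          ("-on(b)", ["-closed(s2)"]),
          ("-on(b)", ["ab(b)"]),
          ("-active(r)", ["ab(r)"])]
IMPOSSIBLE = [("close(s1)", ["closed(s1)"])]

def closure(lits):
    """Least set containing lits and closed under the static laws; None if inconsistent."""
    s = set(lits)
    changed = True
    while changed:
        changed = False
        for head, pre in STATIC:
            if all(lit(p) in s for p in pre) and lit(head) not in s:
                s.add(lit(head))
                changed = True
    return None if any((f, not v) in s for f, v in s) else frozenset(s)

# States: complete, consistent sets of literals closed under the static laws.
STATES = [st for st in (frozenset(zip(FLUENTS, vals))
                        for vals in product([True, False], repeat=len(FLUENTS)))
          if closure(st) == st]

def successors(state, actions):
    """Successor states of `state` under compound action `actions` (AL semantics):
    s2 is a successor iff s2 equals the closure of the direct effects together with
    the literals carried over by inertia (state & s2)."""
    if any(a in actions and all(lit(p) in state for p in pre) for a, pre in IMPOSSIBLE):
        return []                                  # action not executable here
    direct = {lit(e) for a, e, pre in DYNAMIC
              if a in actions and all(lit(p) in state for p in pre)}
    return [s2 for s2 in STATES if closure(direct | (state & s2)) == s2]

def models(history, n):
    """Paths [s0, a0, s1, ..., sn] of the transition diagram that are models of
    history = {"obs": [(literal, t)], "hpd": [(action, t)]} (Definition 2.2)."""
    obs = {t: {lit(l) for l, tt in history["obs"] if tt == t} for t in range(n + 1)}
    acts = {t: {a for a, tt in history["hpd"] if tt == t} for t in range(n)}
    paths = [[s] for s in STATES if obs[0] <= s]
    for t in range(n):
        paths = [p + [acts[t], s2] for p in paths
                 for s2 in successors(p[-1], acts[t]) if obs[t + 1] <= s2]
    return paths

def entails(history, n, literal, t):
    """history |= h(literal, t): the literal holds at t (path index 2t) in every model."""
    ms = models(history, n)
    return bool(ms) and all(lit(literal) in p[2 * t] for p in ms)

def is_symptom(gamma, obs, n, m):
    """(Gamma_n, O_n^m) is a symptom iff Gamma_n is consistent but Gamma_n + O_n^m is not."""
    both = {"obs": gamma["obs"] + obs, "hpd": gamma["hpd"]}
    return bool(models(gamma, n)) and not models(both, m)

def candidate_diagnoses(gamma, obs, n, m):
    """All pairs (E, Delta): E a set of unobserved exogenous occurrences (x, t), t < n,
    such that Gamma_n + O_n^m + E has a model M, and Delta the components c with
    ab(c) true at m in M (Definition 3.1). This is the explanation space of DM_0."""
    slots = [(x, t) for t in range(n) for x in EXOGENOUS]
    found = []
    for k in range(1, len(slots) + 1):
        for e in combinations(slots, k):
            h = {"obs": gamma["obs"] + obs, "hpd": gamma["hpd"] + list(e)}
            for p in models(h, m):
                delta = frozenset(c for c in COMPONENTS if ("ab(%s)" % c, True) in p[-1])
                if (frozenset(e), delta) not in found:
                    found.append((frozenset(e), delta))
    return found

# Constructed input: the recorded history Gamma_1 and the observation O_1 of Example 4.1.
GAMMA_1 = {"obs": [("-closed(s1)", 0), ("-closed(s2)", 0), ("-ab(b)", 0),
                   ("-ab(r)", 0), ("prot(b)", 0)],
           "hpd": [("close(s1)", 0)]}
O_1 = [("-on(b)", 1)]

if __name__ == "__main__":
    print("Gamma_1 |= h(on(b), 1):", entails(GAMMA_1, 1, "on(b)", 1))
    print("symptom:", is_symptom(GAMMA_1, O_1, 1, 1))
    for e, delta in candidate_diagnoses(GAMMA_1, O_1, 1, 1):
        print(sorted(e), sorted(delta))
```

Running it prints the three candidate diagnoses D_1, D_2, D_3 of Example 4.1; for larger n the search over `slots` grows exponentially, which is exactly the space the choice rule of DM_0 hands to the solver.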

The basic diagnostic module D_0 can be modified in many different ways. For instance, a simple modification, D_1(S), which eliminates some candidate diagnoses containing actions unrelated to the corresponding symptom can be constructed as follows. First, let us introduce some terminology. Let α_i(SD) be a function that maps each impossibility condition of SD into a collection of atoms

    imp(d), action(d, a), prec(d, 1, l_1), ..., prec(d, m, l_m), prec(d, m+1, nil)

where d is a new constant naming the condition, and a, l_i are the arguments of the condition. Let also REL be the following program:

REL:

    1. rel(A, L) ← d_law(D), head(D, L), action(D, A).
    2. rel(A, L) ← law(D), head(D, L), prec(D, N, P), rel(A, P).
    3. rel(A2, L) ← rel(A1, L), imp(D), action(D, A1), prec(D, N, P), rel(A2, P).
    4. rel(A) ← obs(L, T), T ≥ n, rel(A, L).
    5. ← T < n, o(A, T), x_act(A), not hpd(A, T), not rel(A).

and

    DM_1 = DM_0 ∪ REL ∪ α_i(SD).

The new diagnostic module, D_1, is defined as

    D_1(S) = Conf(S) ∪ DM_1.

(It is easy to see that this modification is safe, i.e. D_1 will not miss any useful predictions about the malfunctioning components.) The difference between D_0(S) and D_1(S) can be seen from the following example.

Example 4.2

Let us expand the system S from Example 1.1 by a new component, c, unrelated to the circuit, and an exogenous action a which damages this component. It is easy to see that S_0 from Example 4.1 will still be a symptom of malfunctioning of the new system, S_a, and that the basic diagnostic module applied to S_a will return the diagnoses (D_1)-(D_3) from Example 4.1 together with new diagnoses containing a and ab(c), e.g.

    D_4 = ({o(brk, 0), o(a, 0)}, {b, c}).

Diagnostic module D_1 will ignore actions unrelated to S and return only (D_1)-(D_3).
It may be worth noticing that the distinction between hpd and o allows exogenous actions, including those unrelated to observations, to actually happen in the past. Constraint (5) of program REL only prohibits generating such actions in our search for a diagnosis.

There are many other ways of improving the quality of candidate diagnoses by eliminating some redundant or unlikely diagnoses, and by ordering the corresponding search space. For instance, even more unrelated actions can be eliminated from the search space of our diagnostic modules by considering a relevance relation rel depending on time. This can be done by a simple modification of program REL which is left as an exercise to the reader. The diagnostic module D_1 can also be further modified by limiting its search to recent occurrences of exogenous actions. This can be done by

    D_2(S) = Conf(S) ∪ DM_2

where DM_2 is obtained by replacing the atom 0 ≤ T < n in the bodies of the rules of DM_0 by n − m ≤ T < n. The constant m determines the time interval in the past that an agent is willing to consider in its search for possible explanations. To simplify our discussion in the rest of the paper we assume that m = 1. Finally, the rule

    ← k{o(A, n−1)}.

added to DM_2 will eliminate all diagnoses containing more than k actions. Of course the resulting module D_3, as well as D_2, can miss some candidate diagnoses, and deepening of the search and/or an increase of k may be necessary if no diagnosis of a symptom is found. There are many other interesting ways of constructing efficient diagnostic modules. We are especially intrigued by the possibilities of using new features of answer set solvers such as the weight rules and minimize statements of SMODELS and the weak constraints of DLV (Citrigno, Eiter, Faber, Gottlob, Koch, Leone, Mateis, Pfeifer, Scarcello, 1997; Buccafurri, Leone, and Rullo, 1997) to specify a preference relation on diagnoses. This however is a subject of further investigation.

5 Finding a diagnosis

Suppose now the diagnostician has a candidate diagnosis $D$ of a symptom $S$. Is it indeed a diagnosis? To answer this question the agent should be able to test the components of $\Delta(D)$. Assuming that no exogenous actions occur during testing, a diagnosis can be found by the following simple algorithm, $Find\_Diag(S)$:

function Find_Diag( var S : symptom );

  Input: a symptom S = (Γ_n, O^m).
  Output: a diagnosis of the symptom, or (∅, ∅) if no diagnosis
    could be found. Upon successful termination of the loop, the set O^m
    is updated in order to incorporate the results of the tests
    done during the search for a diagnosis.

  var O, E : history;
      Δ, Δ_0 : set of components;
      diag : bool;

  repeat
    (E, Δ) := Candidate_Diag( (Γ_n, O) );
    if Δ = ∅ then                  { no diagnosis could be found }
      return((E, Δ));
    diag := true; Δ_0 := Δ;
    while Δ_0 ≠ ∅ and diag do
      select c ∈ Δ_0; Δ_0 := Δ_0 \ {c};
      if observe(m, ab(c)) = ab(c) then
        O := O ∪ obs(ab(c), m);
      else
        O := O ∪ obs(¬ab(c), m);
        diag := false;
      end
    end {while}
  until diag;

  return((E, Δ)).

The properties of $Find\_Diag$ are described by the following theorem.

Theorem 3

Let $(S, T, W)$ be a diagnostic domain, $SD$ be a system description of $S$, and $S_0 = (\Gamma_n, O^m)$ be a symptom of the system's malfunctioning. Then,

1. $Find\_Diag(S)$ terminates;

2. let $(E, \Delta) = Find\_Diag(S)$, where the value of variable $S$ is set to $S_0$. If $\Delta \neq \emptyset$, then $(E, \Delta)$ is a diagnosis of $S_0$; otherwise, $S_0$ has no diagnosis.

To illustrate the algorithm, consider the following example.

Example 5.1

Consider the system $S$ from Example 1.1 and a history $\Gamma_1$ in which $b$ is not protected, all components of $S$ are ok, both switches are open, and the agent closes $s_1$ at time 0. At time 1, he observes that the bulb $b$ is not lit, considers $S = (\Gamma_1, O_1)$ where $O_1 = \{obs(\neg on(b), 1)\}$, and calls function $Need\_Diag(S)$, which searches for an answer set of $Conf(S)$. There are no such sets; the diagnostician realizes he has a symptom to diagnose and calls function $Find\_Diag(S)$. Let us assume that the first call to $Candidate\_Diag$ returns

$PD_1 = (\{o(srg, 0)\}, \{r, b\}).$

Suppose that the agent selects component $r$ from $\Delta$ and determines that it is not faulty. Observation $obs(\neg ab(r), 1)$ will be added to $O_1$, $diag$ will be set to false, and the program will call $Candidate\_Diag$ again with the updated symptom $S$ as a parameter. $Candidate\_Diag$ will return another possible diagnosis

$PD_2 = (\{o(brks, 0)\}, \{b\}).$

The agent will test bulb $b$, find it to be faulty, add observation $obs(ab(b), 1)$ to $O_1$ and return $PD_2$. If, however, according to our actual trajectory, $W$, the bulb is still ok, the function returns $(\emptyset, \emptyset)$. No diagnosis is found and the agent (or its designers) should start looking for a modeling error.

6 Diagnostics and repair

Now let us consider a scenario which is only slightly different from that of the previous example.

Example 6.1

Let $\Gamma_1$ and observation $O_1$ be as in Example 5.1 and suppose that the program's first call to $Candidate\_Diag$ returns $PD_2$, $b$ is found to be faulty, $obs(ab(b), 1)$ is added to $O_1$, and $Find\_Diag$ returns $PD_2$. The agent proceeds to have $b$ repaired but, to his disappointment, discovers that $b$ is still not on! Intuitively this means that $PD_2$ is a wrong diagnosis: there must have been a power surge at 0.

For simplicity we assume that, similarly to testing, repair occurs in a well controlled environment, i.e. no exogenous actions happen during the repair process. The example shows that, in order to find a correct explanation of a symptom, it is essential for an agent to repair damaged components and observe the behavior of the system after repair. To formally model this process we introduce a special action, $repair(c)$, for every component $c$ of $S$. The effect of this action will be defined by the causal law:

$causes(repair(c), \neg ab(c), [])$

The diagnostic process will now be modeled by the following algorithm. (Here $S = (\Gamma_n, O^m)$ and $\{obs(f_i, k)\}$ is a collection of observations the diagnostician makes to test his repair at moment $k$.)

function Diagnose( S ) : boolean;

  Input: a symptom S = (Γ_n, O^m).
  Output: false if no diagnosis can be found. Otherwise
    repairs the system, updates O^m, and returns true.

  var E : history;
      Δ : set of components;

  E := ∅;
  while Need_Diag( (Γ_n ∪ E, O^m) ) do
    (E, Δ) := Find_Diag( (Γ_n, O^m) );
    if Δ = ∅ then return(false)
    else
      Repair(Δ);
      O^m := O^m ∪ {hpd(repair(c), m) : c ∈ Δ};
      m := m + 1;
      O^m := O^{m-1} ∪ {obs(f_i, m)};
    end
  end

  return(true);



Example 6.2

To illustrate the above algorithm let us go back to the agent from Example 6.1 who just discovered diagnosis $PD_2 = (\{o(brks, 0)\}, \{b\})$. He will repair the bulb and check if the bulb is lit. It is not, and therefore a new observation is recorded as follows:

$O_1 := O_1 \cup \{hpd(repair(b), 1), obs(\neg on(b), 2)\}$

$Need\_Diag(S)$ will detect a continued need for diagnosis, and $Find\_Diag(S)$ will return $PD_1$, which, after a new repair and testing, will hopefully prove to be the right diagnosis.
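The test-and-repair loop of $Find\_Diag$ (Section 5) and $Diagnose$ (Section 6), as an added example written for this page; it is not the paper's code. It models the circuit of the examples with two components, $r$ and $b$, two constructed exogenous actions ($brks$ damages $b$, $srg$ damages $r$ and $b$, since $b$ is assumed unprotected) and a constructed actual trajectory $W$. $Candidate\_Diag$ is replaced by a brute-force search over sets of exogenous actions at time 0, and $\Delta$ is taken to be the components the candidate predicts faulty at the current time $m$, so that components already repaired are not re-tested. All names, the observation encoding and the convention that a repair performed at time $k$ takes effect at $k+1$ are assumptions of the example.

```python
"""Toy re-implementation of Find_Diag (Section 5) and Diagnose (Section 6).

Added example, not the paper's code.  The circuit, the exogenous actions
and the actual trajectory W below are constructed; Candidate_Diag is a
brute-force stand-in for the answer-set computation used in the paper.
"""
from itertools import combinations

# Constructed domain, modelled on the paper's circuit: closing switch s1 at
# time 0 lights bulb b through relay r unless a component is faulty.
# Exogenous action (assumed to happen at time 0) -> components it damages.
EXOGENOUS = {"brks": {"b"}, "srg": {"r", "b"}}


def predicted_faults(exo, repairs, t):
    """Components that hypothesis 'exo happened at time 0' predicts faulty
    at time t.  repairs maps a component to the time it was repaired; a
    repair performed at time k takes effect at k+1 (assumption)."""
    faults = set()
    for a in exo:
        faults |= EXOGENOUS[a]
    return {c for c in faults if c not in repairs or repairs[c] >= t}


def consistent(exo, history, obs):
    """True iff every recorded observation (fluent, value, time) agrees with
    the predictions of the history extended by the exogenous actions exo."""
    repairs = {c: t for kind, c, t in history if kind == "repair"}
    for fluent, value, t in obs:
        faults = predicted_faults(exo, repairs, t)
        if fluent == "on(b)":
            predicted = not faults          # bulb lit iff nothing is faulty
        else:                               # fluent is ab(<component>)
            predicted = fluent[3:-1] in faults
        if predicted != value:
            return False
    return True


def need_diag(exo, history, obs):
    """Need_Diag: the explanation exo (empty for the bare history) does not
    account for the observations, i.e. there is a symptom."""
    return not consistent(exo, history, obs)


def candidate_diag(history, obs, m):
    """Candidate_Diag: smallest set E of exogenous actions at time 0 that is
    consistent with obs, paired with the components Delta it predicts faulty
    at the current time m.  Returns (set(), set()) if no E works."""
    repairs = {c: t for kind, c, t in history if kind == "repair"}
    for size in range(1, len(EXOGENOUS) + 1):
        for exo in combinations(sorted(EXOGENOUS), size):
            if consistent(set(exo), history, obs):
                return set(exo), predicted_faults(set(exo), repairs, m)
    return set(), set()


class World:
    """The actual trajectory W (constructed): by default a surge at time 0
    broke both r and b.  Testing and repair act on this hidden state."""

    def __init__(self, faults=("r", "b")):
        self.faults = set(faults)

    def observe_ab(self, c):
        return c in self.faults

    def observe_on(self):
        return not self.faults

    def repair(self, c):
        self.faults.discard(c)


def find_diag(world, history, obs, m):
    """Find_Diag: test the components of each candidate until one candidate
    survives testing; test results are appended to obs as in the paper."""
    while True:
        exo, delta = candidate_diag(history, obs, m)
        if not delta:
            return set(), set()              # (∅, ∅): no diagnosis found
        for c in sorted(delta):
            faulty = world.observe_ab(c)
            obs.append((f"ab({c})", faulty, m))
            if not faulty:
                break                        # candidate refuted; try again
        else:
            return exo, delta


def diagnose(world, history, obs, m):
    """Diagnose: repair, re-observe the bulb, and loop while a symptom remains.
    Returns (success, explanation E, final time m)."""
    exo = set()
    while need_diag(exo, history, obs):
        exo, delta = find_diag(world, history, obs, m)
        if not delta:
            return False, set(), m
        for c in sorted(delta):
            world.repair(c)
            history.append(("repair", c, m))   # hpd(repair(c), m)
        m += 1
        obs.append(("on(b)", world.observe_on(), m))
    return True, exo, m


def run_example(world_faults=("r", "b")):
    """Scenario of Examples 5.1 and 6.1: obs(¬on(b), 1) after closing s1."""
    world = World(world_faults)
    history, obs = [], [("on(b)", False, 1)]
    return diagnose(world, history, obs, 1)
```

Running `run_example()` replays Examples 6.1 and 6.2: the first candidate is $(\{brks\}, \{b\})$, the bulb is repaired and found still off at time 2, and the second round settles on $srg$ and repairs $r$. `run_example(())`, a world in which nothing is actually broken, reproduces the $(\emptyset, \emptyset)$ outcome at the end of Example 5.1, the case the paper attributes to a modeling error.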

The diagnosis produced by the above algorithm can be viewed as a reasonable interpretation of the discrepancies between the agent's predictions and the actual observations. To complete our analysis of step 1 of the agent's acting and reasoning loop we need to explain how this interpretation can be incorporated in the agent's history. If the diagnosis discovered is unique then the answer is obvious: $D$ is simply added to $\Gamma_n$. If, however, faults of the system components can be caused by different sets of exogenous actions, the situation becomes more subtle. A complete investigation of the issues involved is the subject of further research.



7 Related work

There is a large collection of papers on diagnosis, many of which substantially influenced the authors' views on the subject. The roots of our approach go back to (Reiter, 1987), where diagnoses for a static environment were formally defined in logical terms. To the best of our knowledge the first published extensions of this work to dynamic domains appeared in (Thielscher, 1997b), where dynamic domains were described in the fluent calculus (Thielscher, 1998), and in (McIlraith, 1997), which used the situation calculus (McCarthy and Hayes, 1969). Explanation of the malfunctioning of system components in terms of unobserved exogenous actions was first clearly articulated in (McIlraith, 1998). The generalization and extension of these ideas in (Baral, McIlraith, and Son, 2000), which specifies dynamic domains in action language $\mathcal{L}$, can be viewed as the starting point of the work presented in this paper. The use of a simpler action language, $\mathcal{AL}$, allowed us to substantially simplify the basic definitions of (Baral, McIlraith, and Son, 2000) and to reduce the computation of diagnoses to finding stable models of logic programs. As a result we were able to incorporate diagnostic reasoning in a general agent architecture based on the answer set programming paradigm, and to combine diagnostics with planning and other activities of a reasoning agent. On the other hand, (Baral, McIlraith, and Son, 2000) addresses some questions which are not fully addressed by our paper. In particular, the underlying action language of (Baral, McIlraith, and Son, 2000) allows non-deterministic and knowledge-producing actions, which are absent in our work. While our formulation allows immediate incorporation of the former, incorporation of the latter seems to substantially increase the conceptual complexity of the formalism. This is of course the case in (Baral, McIlraith, and Son, 2000) too, but we believe that the need for such an increase in complexity remains an open question. Another interesting related work is (Otero and Otero, 2000). In this paper the authors address the problem of dynamic diagnosis using the notion of pertinence logic from (Otero and Cabalar, 1999). The formalism allows one to define dynamic diagnoses which, among other things, can model intermittent faults of the system. As a result it provides a logical account of the following scenario: Consider a person trying to shoot a turkey. Suppose that the gun is initially loaded, the agent shoots, observes that the turkey is not dead, and shoots one more time. Now the turkey is dead. The pertinence formalism of (Otero and Otero, 2000) does not claim inconsistency; it properly determines that the gun has an intermittent fault. Our formalism, on the other hand, is not capable of modeling this scenario; to do that we need to introduce non-deterministic actions. Since, in our opinion, the use of pertinence logic substantially complicates action formalisms, it is interesting to see if such use for reasoning with intermittent faults can always be avoided by introducing non-determinism. Additional comparison of the action-language-based approach to diagnosis with other related approaches can be found in (Baral, McIlraith, and Son, 2000).

Finally, let us mention that the reasoning algorithms proposed in this paper are based on recent discoveries of the close relationship between A-Prolog and reasoning about the effects of actions (McCain and Turner, 1995) and on the ideas of answer set programming (Marek and Truszczynski, 1999; Niemela, 1999; Lifschitz, 1999). This approach of course would be impossible without the existence of efficient answer set reasoning systems. The integration of diagnostics and other activities is based on the agent architecture from (Baral and Gelfond, 2000).

8 Conclusions and further work

The paper describes work on the development of a diagnostic problem solving agent in which the mathematical model of the agent and its environment is based on the theory of action language $\mathcal{AL}$ from (Baral and Gelfond, 2000). The language, which contains the means for representing concurrent actions and fairly complex relations between fluents, is used to give concise descriptions of transition diagrams characterizing possible trajectories of the agent's domains as well as the domains' recorded histories. In this paper we:

• Establish a close relationship between $\mathcal{AL}$ and logic programming under the answer set semantics which allows reformulation of the agent's knowledge in A-Prolog. These results build on previous work connecting action languages and logic programming.

• Give definitions of symptom, candidate diagnosis, and diagnosis which we believe to be simpler than similar definitions we were able to find in the literature.

• Suggest a new algorithm for computing candidate diagnoses. (The algorithm is based on answer set programming and views the search for candidate diagnoses as 'planning in the past'.)

• Suggest some simple ways of using A-Prolog to declaratively limit the diagnostician's search space. This leads to higher quality diagnoses and substantial improvements in the diagnostician's efficiency.

• Give a simple account of diagnostics, testing and repair based on the use of answer set solvers. The resulting algorithms, which are shown to be provably correct, can be easily incorporated in the agent's architecture from (Baral and Gelfond, 2000).

In our further work we plan to:

• Expand our results to more expressive languages, i.e. those with non-deterministic actions, defeasible causal laws, etc.

• Find more powerful declarative ways of limiting the diagnostician's search space. This can be done by expanding A-Prolog with ways of expressing preferences between different rules or by having the agent plan observations aimed at eliminating large clusters of possible diagnoses. In investigating these options we plan to build on related work in (Buccafurri, Leone, and Rullo, 1997) and (Baral, McIlraith, and Son, 2000; McIlraith and Scherl, 2000).

• Test the efficiency of the suggested algorithm on medium size applications.



9 The syntax and semantics of A-Prolog

In this section we give a brief introduction to the syntax and semantics of a comparatively simple variant of A-Prolog. The syntax of the language is determined by a signature $\Sigma$ consisting of types, $types(\Sigma) = \{\tau_0, \ldots, \tau_m\}$, object constants $obj(\tau, \Sigma) = \{c_0, \ldots, c_m\}$ for each type $\tau$, and typed function and predicate constants $func(\Sigma) = \{f_0, \ldots, f_k\}$ and $pred(\Sigma) = \{p_0, \ldots, p_n\}$. We will assume that the signature contains symbols for integers and for the standard relations of arithmetic. Terms are built as in typed first-order languages; positive literals (or atoms) have the form $p(t_1, \ldots, t_n)$, where the $t$'s are terms of proper types and $p$ is a predicate symbol of arity $n$; negative literals are of the form $\neg p(t_1, \ldots, t_n)$. In our further discussion we often write $p(t_1, \ldots, t_n)$ as $p(\bar t)$. The symbol $\neg$ is called classical or strong negation. Literals of the form $p(\bar t)$ and $\neg p(\bar t)$ are called contrary. By $\bar l$ we denote the literal contrary to $l$. Literals and terms not containing variables are called ground. The sets of all ground terms, atoms and literals over $\Sigma$ will be denoted by $terms(\Sigma)$, $atoms(\Sigma)$ and $lit(\Sigma)$ respectively. For a set $P$ of predicate symbols from $\Sigma$, $atoms(P, \Sigma)$ ($lit(P, \Sigma)$) will denote the set of ground atoms (literals) of $\Sigma$ formed with predicate symbols from $P$. Consistent sets of ground literals over signature $\Sigma$, containing all arithmetic literals which are true under the standard interpretation of their symbols, are called states of $\Sigma$ and denoted by $states(\Sigma)$. A rule of A-Prolog is an expression of the form

$l_0 \leftarrow l_1, \ldots, l_m, not\ l_{m+1}, \ldots, not\ l_n$   (5)

where $n \ge 1$, the $l_i$'s are literals, $l_0$ is a literal or the symbol $\bot$, and $not$ is a logical connective called negation as failure or default negation. An expression $not\ l$ says that there is no reason to believe in $l$. An extended literal is an expression of the form $l$ or $not\ l$ where $l$ is a literal. A rule (5) is called a constraint if $l_0 = \bot$.

Unless otherwise stated, we assume that the $l$'s in rules (5) are ground. Rules with variables (denoted by capital letters) will be used only as a shorthand for the sets of their ground instantiations. This approach is justified for the so called closed domains, i.e. domains satisfying the domain closure assumption (Reiter, 1978) which asserts that all objects in the domain of discourse have names in the language of $\Pi$.

A pair $(\Sigma, \Pi)$ where $\Sigma$ is a signature and $\Pi$ is a collection of rules over $\Sigma$ is called a logic program. (We often denote such a pair by its second element $\Pi$. The corresponding signature will be denoted by $\Sigma(\Pi)$.)

We say that a literal $l \in lit(\Sigma)$ is true in a state $X$ of $\Sigma$ if $l \in X$; $l$ is false in $X$ if $\bar l \in X$; otherwise, $l$ is unknown. $\bot$ is false in $X$.

Given a signature $\Sigma$ and a set of predicate symbols $E$, $lit(\Sigma, E)$ denotes the set of all literals of $\Sigma$ formed by predicate symbols from $E$. If $\Pi$ is a ground program, $lit(\Pi)$ denotes the set of all atoms occurring in $\Pi$, together with their negations, and $lit(\Pi, E)$ denotes the set of all literals occurring in $lit(\Pi)$ formed by predicate symbols from $E$.

The answer set semantics of a logic program $\Pi$ assigns to $\Pi$ a collection of answer sets: consistent sets of ground literals over signature $\Sigma(\Pi)$ corresponding to beliefs which can be built by a rational reasoner on the basis of the rules of $\Pi$. In the construction of these beliefs the reasoner is assumed to be guided by the following informal principles:

• He should satisfy the rules of $\Pi$, understood as constraints of the form: if one believes in the body of a rule one must believe in its head.

• He cannot believe in $\bot$ (which is understood as falsity).

• He should adhere to the rationality principle, which says that one shall not believe anything one is not forced to believe.

The precise definition of answer sets will first be given for programs whose rules do not contain default negation. Let $\Pi$ be such a program and let $X$ be a state of $\Sigma(\Pi)$. We say that $X$ is closed under $\Pi$ if, for every rule $head \leftarrow body$ of $\Pi$, $head$ is true in $X$ whenever $body$ is true in $X$. (For a constraint this condition means that the body is not contained in $X$.)

Definition 9.1 (Answer set, part one)

A state $X$ of $\Sigma(\Pi)$ is an answer set for $\Pi$ if $X$ is minimal (in the sense of set-theoretic inclusion) among the sets closed under $\Pi$.

It is clear that a program without default negation can have at most one answer set. To extend this definition to arbitrary programs, take any program $\Pi$, and let $X$ be a state of $\Sigma(\Pi)$. The reduct, $\Pi^X$, of $\Pi$ relative to $X$ is the set of rules

$l_0 \leftarrow l_1, \ldots, l_m$

for all rules (5) in $\Pi$ such that $l_{m+1}, \ldots, l_n \notin X$. Thus $\Pi^X$ is a program without default negation.

Definition 9.2 (Answer set, part two)

A state $X$ of $\Sigma(\Pi)$ is an answer set for $\Pi$ if $X$ is an answer set for $\Pi^X$.

(The above definition differs slightly from the original definition in (Gelfond and Lifschitz, 1991), which allowed the inconsistent answer set, $lit(\Sigma)$. Answer sets defined in this paper correspond to consistent answer sets of the original version.)
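Definitions 9.1 and 9.2 carried out in code, as an added example written for this page (not the paper's code): the reduct $\Pi^X$ is formed, the least set closed under it is computed, and $X$ is an answer set exactly when it equals that least set, is consistent, and violates no constraint. The textual rule syntax (`:-` for the arrow, `-` for strong negation, `not` for default negation) and the sample program are assumptions of the example; candidate states are enumerated by brute force, which is adequate only for a handful of literals and is not how an answer set solver works.

```python
"""Answer sets of a small ground A-Prolog program, computed directly from
Definitions 9.1 and 9.2 (reduct, then least closed consistent state).

Added example, not the paper's code.  The rule syntax ('-' for strong
negation, 'not' for default negation, ':-' for the arrow) and the sample
program are assumptions; the search is a brute-force enumeration.
"""
from itertools import combinations


def contrary(lit):
    """The literal contrary to lit: p <-> -p."""
    return lit[1:] if lit.startswith("-") else "-" + lit


def parse_rule(text):
    """'h :- a, -b, not c.' -> (head, {positive body}, {default-negated body}).
    A rule without a head (':- a, b.') is a constraint, head = None."""
    text = text.strip().rstrip(".")
    head, _, body = text.partition(":-")
    head = head.strip() or None
    pos, neg = set(), set()
    for item in filter(None, (s.strip() for s in body.split(","))):
        if item.startswith("not "):
            neg.add(item[4:].strip())
        else:
            pos.add(item)
    return head, pos, neg


def parse_program(text):
    return [parse_rule(line) for line in text.splitlines() if line.strip()]


def reduct(program, X):
    """Pi^X: drop every rule with a default-negated literal in X, then drop
    the 'not' part of the remaining rules."""
    return [(h, pos) for h, pos, neg in program if not (neg & X)]


def least_closed_state(definite):
    """The minimal set closed under a program without default negation
    (Definition 9.1), or None if that set is inconsistent or violates a
    constraint, in which case the program has no answer set."""
    X, changed = set(), True
    while changed:
        changed = False
        for head, pos in definite:
            if head is not None and pos <= X and head not in X:
                X.add(head)
                changed = True
    if any(head is None and pos <= X for head, pos in definite):
        return None                      # a constraint body is contained in X
    if any(contrary(l) in X for l in X):
        return None                      # not a state: contrary literals
    return X


def answer_sets(program):
    """All answer sets of a ground program (Definition 9.2): consistent X
    equal to the least closed state of the reduct Pi^X."""
    lits = set()
    for head, pos, neg in program:
        lits |= pos | neg | ({head} if head else set())
    lits = sorted(lits)
    result = []
    for size in range(len(lits) + 1):
        for X in map(set, combinations(lits, size)):
            if any(contrary(l) in X for l in X):
                continue
            if least_closed_state(reduct(program, X)) == X:
                result.append(X)
    return result


# Constructed sample program: two mutually exclusive defaults, a strong
# negation derived from one of them, and a constraint that rules out q
# unless s is believed (and nothing supports s).
SAMPLE = """
p :- not q.
q :- not p.
-r :- p.
:- q, not s.
"""
```

For `SAMPLE`, the candidate $\{q\}$ is closed under its reduct but the constraint body $\{q\}$ is contained in it, so the only answer set is $\{p, \neg r\}$; the two-fact program `p. -p.` has none, which is the consistency requirement of Definition 9.2 that distinguishes it from the original inconsistent answer set.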



An action description of $\mathcal{AL}$ is a collection of propositions of the form

1. $causes(a_e, l_0, [l_1, \ldots, l_n])$,

2. $caused(l_0, [l_1, \ldots, l_n])$, and

3. $impossible\_if(a_e, [l_1, \ldots, l_n])$

where $a_e$ is an elementary action and $l_0, \ldots, l_n$ are fluent literals from $\Sigma$. The first proposition says that, if the elementary action $a_e$ were to be executed in a situation in which $l_1, \ldots, l_n$ hold, the fluent literal $l_0$ will be caused to hold in the resulting situation. Such propositions are called dynamic causal laws. The second proposition, called a static causal law, says that, in an arbitrary situation, the truth of fluent literals $l_1, \ldots, l_n$ is sufficient to cause the truth of $l_0$. The last proposition says that action $a_e$ cannot be performed in any situation in which $l_1, \ldots, l_n$ hold. (The one presented here is actually a simplification of $\mathcal{AL}$. Originally $impossible\_if$ took as argument a compound action rather than an elementary one. The restriction on $a_e$ being elementary is not essential and can be lifted. We require it to simplify the presentation.) To define the transition diagram, $T$, given by an action description $A$ of $\mathcal{AL}$ we use the following terminology and notation. A set $S$ of fluent literals is closed under a set $Z$ of static causal laws if $S$ includes the head, $l_0$, of every static causal law such that $\{l_1, \ldots, l_n\} \subseteq S$. The set $Cn_Z(S)$ of consequences of $S$ under $Z$ is the smallest set of fluent literals that contains $S$ and is closed under $Z$. $E(a_e, \sigma)$ stands for the set of all fluent literals $l_0$ for which there is a dynamic causal law $causes(a_e, l_0, [l_1, \ldots, l_n])$ in $A$ such that $[l_1, \ldots, l_n] \subseteq \sigma$. $E(a, \sigma) = \bigcup_{a_e \in a} E(a_e, \sigma)$. The transition system $T = (\mathcal{S}, \mathcal{R})$ described by an action description $A$ is defined as follows:

1. $\mathcal{S}$ is the collection of all complete and consistent sets of fluent literals of $\Sigma$ closed under the static laws of $A$,

2. $\mathcal{R}$ is the set of all triples $(\sigma, a, \sigma')$ such that $A$ does not contain a proposition of the form $impossible\_if(a, [l_1, \ldots, l_n])$ such that $[l_1, \ldots, l_n] \subseteq \sigma$ and

$\sigma' = Cn_Z(E(a, \sigma) \cup (\sigma \cap \sigma'))$   (6)

where $Z$ is the set of all static causal laws of $A$. The argument of $Cn_Z$ in (6) is the union of the set $E(a, \sigma)$ of the "direct effects" of $a$ with the set $\sigma \cap \sigma'$ of facts that are "preserved by inertia". The application of $Cn_Z$ adds the "indirect effects" to this union.

We call an action description deterministic if for any state $\sigma_0$ and action $a$ there is at most one such successor state $\sigma_1$.
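The transition relation $\mathcal{R}$ and equation (6) evaluated on a constructed action description, as an added example written for this page (not the paper's code). Successor states are found by testing each complete consistent state $\sigma'$ closed under $Z$ against $\sigma' = Cn_Z(E(a, \sigma) \cup (\sigma \cap \sigma'))$, so inertia, direct effects and indirect effects all come out of the fixpoint rather than from special-case code; the determinism check is the condition stated just above. The fluents, laws and action names in `demo()` are assumptions of the example.

```python
"""Transitions of an AL action description per the definition of T = (S, R)
and equation (6).  Added example, not the paper's code; demo() is constructed.
Fluent literals are strings: 'p' and its contrary '-p'.
"""
from itertools import product


def contrary(lit):
    return lit[1:] if lit.startswith("-") else "-" + lit


class ActionDescription:
    def __init__(self, fluents):
        self.fluents = sorted(fluents)   # positive fluent names
        self.dynamic = []                # causes(a_e, l0, [l1..ln])
        self.static = []                 # caused(l0, [l1..ln])
        self.impossible = []             # impossible_if(a_e, [l1..ln])

    def causes(self, a, l0, cond=()):
        self.dynamic.append((a, l0, set(cond)))

    def caused(self, l0, cond):
        self.static.append((l0, set(cond)))

    def impossible_if(self, a, cond):
        self.impossible.append((a, set(cond)))

    def elementary_actions(self):
        return sorted({a for a, _, _ in self.dynamic} | {a for a, _ in self.impossible})

    def cn(self, S):
        """Cn_Z(S): the smallest superset of S closed under the static laws Z."""
        S = set(S)
        changed = True
        while changed:
            changed = False
            for l0, cond in self.static:
                if cond <= S and l0 not in S:
                    S.add(l0)
                    changed = True
        return S

    def states(self):
        """All complete and consistent sets of fluent literals closed under Z."""
        result = []
        for signs in product((True, False), repeat=len(self.fluents)):
            sigma = frozenset(f if s else "-" + f for f, s in zip(self.fluents, signs))
            if self.cn(sigma) == set(sigma):
                result.append(sigma)
        return result

    def direct_effects(self, a, sigma):
        """E(a, sigma): heads of the dynamic laws of actions in the compound
        action a whose preconditions hold in sigma."""
        return {l0 for ae, l0, cond in self.dynamic if ae in a and cond <= sigma}

    def executable(self, a, sigma):
        return not any(ae in a and cond <= sigma for ae, cond in self.impossible)

    def successors(self, sigma, a):
        """All sigma' with (sigma, a, sigma') in R, i.e. the states satisfying
        sigma' = Cn_Z(E(a, sigma) ∪ (sigma ∩ sigma'))   (6)."""
        sigma = frozenset(sigma)
        if not self.executable(a, sigma):
            return []
        effects = self.direct_effects(a, sigma)
        return [s for s in self.states() if self.cn(effects | (sigma & s)) == set(s)]

    def is_deterministic(self):
        """At most one successor for every state and elementary action."""
        return all(len(self.successors(s, {a})) <= 1
                   for s in self.states() for a in self.elementary_actions())


def demo():
    """Constructed description: a makes p true, p forces q, q forces -r,
    a cannot be executed while q holds, and b makes p false."""
    d = ActionDescription(["p", "q", "r"])
    d.causes("a", "p")
    d.causes("b", "-p")
    d.caused("q", ["p"])
    d.caused("-r", ["q"])
    d.impossible_if("a", ["q"])
    return d
```

From $\{\neg p, \neg q, r\}$ the action $a$ yields $\{p, q, \neg r\}$: $p$ is the direct effect and $q$, $\neg r$ are indirect effects added by $Cn_Z$. From $\{p, q, \neg r\}$ the action $b$ yields $\{\neg p, q, \neg r\}$, where $q$ survives by inertia even though its cause $p$ is gone. Executing $a$ and $b$ concurrently has no successor at all, because $E(\{a, b\}, \sigma)$ contains both $p$ and $\neg p$ and no state contains contrary literals.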

The above definition of $T$ is from (McCain and Turner, 1997) and is the product of a long investigation of the nature of causality. (See for instance (Lifschitz, 1997; Thielscher, 1997a).) Finding this definition required a good understanding of the nature of the causal effects of actions in the presence of complex interrelations between fluents. An additional level of complexity is added by the need to specify what is not changed by actions. The latter, known as the frame problem, is often reduced to the problem of finding a concise and accurate representation of the inertia axiom, a default which says that things normally stay as they are (McCarthy and Hayes, 1969). The search for such a representation substantially influenced AI research during the last twenty years. An interesting account of the history of this research together with some possible solutions can be found in (Shanahan, 1997).



11 Properties of logic programs

In this section we introduce several properties of logic programs which will be used, in the next appendix, to prove the main theorem of this paper. We begin by summarizing two useful definitions from (Brass and Dix, 1994).

Definition 11.1

Let $q$ be a literal and $P$ be a logic program. The definition of $q$ in $P$ is the set of all rules in $P$ which have $q$ as their head.

Definition 11.2 (Partial Evaluation)

Let $q$ be a literal and $P$ be a logic program. Let

$q \leftarrow r_1.$
$q \leftarrow r_2.$
$\ldots$

be the definition of $q$ in $P$. The Partial Evaluation of $P$ w.r.t. $q$ (denoted by $e(P, q)$) is the program obtained from $P$ by replacing every rule of the form

$p \leftarrow A_1, q, A_2.$

with the rules

$p \leftarrow A_1, r_1, A_2.$
$p \leftarrow A_1, r_2, A_2.$
$\ldots$

Notice that, according to the Brass-Dix Lemma (Brass and Dix, 1994), $P$ and $e(P, q)$ are equivalent (written $P \simeq e(P, q)$), i.e. they have the same answer sets.

The following expands on the results from (Brass and Dix, 1994).

Definition 11.3 (Extended Partial Evaluation)

Let $P$ be a ground program, and $q = (q_1, q_2, \ldots, q_n)$ be a sequence of literals. The Extended Partial Evaluation of $P$ w.r.t. $q$ (denoted by $e(P, q)$) is defined as follows:

$e(P, q) = \begin{cases} P & \text{if } n = 0 \\ e(e(P, q_n), (q_1, q_2, \ldots, q_{n-1})) & \text{otherwise} \end{cases}$

From now on, the number of elements of $q$ will be denoted by $|q|$.

Definition 11.4 (Trimming)

Let $q$ and $P$ be as above. The Trimming of $P$ w.r.t. $q$ (denoted by $t(P, q)$) is the program obtained by dropping the definitions of the literals in $q$ from $e(P, q)$.
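Definitions 11.1 to 11.4 as executable operations on ground programs, added here as an example written for this page (not the paper's code). Rules are (head, body) pairs, a default-negated body item is written as the string `'not l'` and is never unfolded (only positive occurrences of $q$ are, as in Definition 11.2), and the sample program is constructed. The example also checks, for its sample, the hypothesis $Q \cap lit(t(P, q)) = \emptyset$ under which Lemma 3 below applies.

```python
"""Partial evaluation e(P, q) and trimming t(P, q) of ground programs
(Definitions 11.1 to 11.4).  Added example, not the paper's code; the
rule encoding and SAMPLE_P are constructed.

Rules: (head, body) with body a tuple of items; 'not l' is a default-negated
literal and is never unfolded, only positive occurrences of q are.
"""


def definition(P, q):
    """Definition 11.1: the rules of P with head q."""
    return [(h, b) for h, b in P if h == q]


def partial_eval(P, q):
    """Definition 11.2: e(P, q).  A rule p <- A1, q, A2 becomes one rule
    p <- A1, r_i, A2 per rule q <- r_i in the definition of q (and is dropped
    if q has no definition).  Assumes q is not defined in terms of itself;
    unfolding a self-recursive definition would not terminate here."""
    defs = [b for _, b in definition(P, q)]
    if any(q in b for b in defs):
        raise ValueError(f"{q} occurs positively in its own definition")
    result = []
    for head, body in P:
        queue = [body]
        while queue:
            b = queue.pop(0)
            if q not in b:
                result.append((head, b))
            else:
                i = b.index(q)
                queue.extend(b[:i] + r + b[i + 1:] for r in defs)
    return result


def ext_partial_eval(P, qs):
    """Definition 11.3: e(P, (q1..qn)) = e(e(P, qn), (q1..qn-1)), so the
    literals are unfolded from qn down to q1."""
    for q in reversed(qs):
        P = partial_eval(P, q)
    return P


def trim(P, qs):
    """Definition 11.4: drop the definitions of the literals in qs from e(P, qs)."""
    return [(h, b) for h, b in ext_partial_eval(P, qs) if h not in qs]


def lit_of(P):
    """Literals occurring in P (the 'not' wrapper is stripped)."""
    lits = set()
    for h, b in P:
        lits.add(h)
        lits |= {item[4:] if item.startswith("not ") else item for item in b}
    return lits


def show(P):
    """Render rules in the paper's notation, e.g. 'p <- a, r1, b.'"""
    return [f"{h} <- {', '.join(b)}." if b else f"{h}." for h, b in P]


# Constructed sample: q has two rules (one with default negation in its
# body), and p uses q positively.
SAMPLE_P = [
    ("q", ("r1",)),
    ("q", ("r2", "not s")),
    ("p", ("a", "q", "b")),
    ("a", ()),
    ("r1", ()),
]
```

`show(trim(SAMPLE_P, ("q",)))` lists `p <- a, r1, b.`, `p <- a, r2, not s, b.`, `a.` and `r1.`; the literal $q$ no longer occurs anywhere in the trimmed program, so the condition of Lemma 3 holds and the answer sets of $t(P, q)$ are those of $P$ with $q$ removed.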



Lemma 1

Let $P$ and $R$ be logic programs such that

$P \simeq R.$   (8)

Then, for any sequence of literals $q$,

$e(P, q) \simeq e(R, q).$   (9)

Proof

By induction on $|q|$.

Base case: $|q| = 0$. By Definition 11.3, $e(P, q) = P$ and $e(R, q) = R$. Then, (8) can be rewritten as $e(P, q) \simeq e(R, q)$.

Inductive step: let us assume that (9) holds for $|q| = n - 1$ and show that it holds for $|q| = n$. Since $P \simeq R$, by the inductive hypothesis

$e(P, (q_1, \ldots, q_{n-1})) \simeq e(R, (q_1, \ldots, q_{n-1})).$   (10)

By the Brass-Dix Lemma,

$e(P, q_n) \simeq P$ and $e(R, q_n) \simeq R.$   (11)

Again by the inductive hypothesis, (11) becomes $e(e(P, q_n), (q_1, \ldots, q_{n-1})) \simeq e(P, (q_1, \ldots, q_{n-1}))$ and similarly for $R$. Then, (10) can be rewritten as

$e(e(P, q_n), (q_1, \ldots, q_{n-1})) \simeq e(e(R, q_n), (q_1, \ldots, q_{n-1})).$   (12)

By Definition 11.3, $e(e(P, q_n), (q_1, \ldots, q_{n-1})) = e(P, q)$ and similarly for $R$. Then, (12) becomes

$e(P, q) \simeq e(R, q).$

□

Lemma 2

Let $q$ be a sequence of literals and $P$ be a logic program. Then,

$P \simeq e(P, q).$   (13)



24 M. Balduccini and M. Gelfond 

Proof

By induction on $|q|$.

Base case: $|q| = 0$. $P = e(P, q)$ by Definition 11.3.

Inductive step: let us assume that (13) holds for $|q| = n - 1$ and show that it holds for $|q| = n$.

By the Brass-Dix Lemma, $P \simeq e(P, q_n)$. Then, Lemma 1 can be applied to $P$ and $e(P, q_n)$, obtaining

$e(P, (q_1, \ldots, q_{n-1})) \simeq e(e(P, q_n), (q_1, \ldots, q_{n-1})).$   (14)

Since, by the inductive hypothesis, $P \simeq e(P, (q_1, \ldots, q_{n-1}))$, (14) can be rewritten as

$P \simeq e(e(P, q_n), (q_1, \ldots, q_{n-1})),$

which, by Definition 11.3, implies (13). □

The following expands similar results from (Gelfond and Son, 1998), making them suitable for our purposes.

Definition 11.5 (Strong Conservative Extension)

Let $P_1$ and $P_2$ be ground programs such that $lit(P_1) \subseteq lit(P_2)$. Let $Q$ be $lit(P_2) \setminus lit(P_1)$.

We say that $P_2$ is a Strong Conservative Extension of $P_1$ w.r.t. $Q$ if:

• if $A$ is an answer set of $P_2$, $A \setminus Q$ is an answer set of $P_1$;

• if $A$ is an answer set of $P_1$, there exists a subset $B$ of $Q$ such that $A \cup B$ is an answer set of $P_2$.

Lemma 3

Let $P$ be a ground program, $Q \subseteq lit(P)$, and $q = (q_1, \ldots, q_n)$ be an ordering of $Q$. If $Q \cap lit(t(P, q)) = \emptyset$, then

$P$ is a Strong Conservative Extension of $t(P, q)$ w.r.t. $Q$.   (15)

Proof

Notice that, under the hypotheses of this lemma, the complement, $\bar Q$, of $Q$ is a splitting set for $e(P, q)$, with $bottom_{\bar Q}(e(P, q)) = t(P, q)$. Then, by the Splitting Set Theorem, and by Definition 11.5,

$e(P, q)$ is a Strong Conservative Extension of $t(P, q)$ w.r.t. $Q$.   (16)

By Lemma 2, $P \simeq e(P, q)$. Then, (16) can be rewritten as

$P$ is a Strong Conservative Extension of $t(P, q)$ w.r.t. $Q$.

□
12 Proofs of the theorems

12.1 Proof of the main theorem

The proof of the main theorem will be given in several steps.

First of all, we define a simplified encoding of an action description, $SD$, in A-Prolog. Then, we prove that the answer sets of the programs generated using this encoding correspond exactly to the paths in the transition diagram described by $SD$.

Later, we extend the new encoding and prove that, for every recorded history $\Gamma_n$, the models of $\Gamma_n$ are in a one-to-one correspondence with the answer sets of the programs generated by this second encoding.

Finally, we prove that programs obtained by applying this second encoding are essentially 'equivalent' to those generated with the encoding presented in the body of the paper, which completes the proof of the main theorem. In addition, we present a corollary that extends the theorem to the case in which the initial situation of $\Gamma_n$ is not complete.



The following notation will be useful in our further discussion. Given a time point $t$, a state $\sigma$, and a compound action $a$, let

$h(\sigma, t) = \{h(l, t) \mid l \in \sigma\}$
$o(a, t) = \{o(a', t) \mid a' \in a\}.$   (17)

These sets can be viewed as the representation of $\sigma$ and $a$ in A-Prolog.

Definition 12.1

Let $SD$ be an action description of $\mathcal{AL}$, $n$ be a positive integer, and $\Sigma(SD)$ be the signature of $SD$. $\Sigma^n_1(SD)$ denotes the signature obtained as follows:

• $const(\Sigma^n_1(SD)) = const(\Sigma(SD)) \cup \{0, \ldots, n\}$;

• $pred(\Sigma^n_1(SD)) = \{h, o\}$.

12.1.1 Step 1

Let

$\alpha^n_1(SD) = (\Pi^n_1(SD), \Sigma^n_1(SD)),$   (18)

where

$\Pi^n_1(SD) = \bigcup_{r \in SD} ad(r)$   (19)

and $ad(r)$ is defined as follows:

• $ad(causes(a, l_0, [l_1, \ldots, l_m]))$ is

$h(l_0, T') \leftarrow h(l_1, T), \ldots, h(l_m, T), o(a, T).$

• $ad(caused(l_0, [l_1, \ldots, l_m]))$ is

$h(l_0, T) \leftarrow h(l_1, T), \ldots, h(l_m, T).$

• $ad(impossible\_if(a, [l_1, \ldots, l_m]))$ is

$\leftarrow h(l_1, T), \ldots, h(l_m, T), o(a, T).$   (20)

Let also

$\beta^n(SD) = (\Pi^n_2(SD), \Sigma^n_1(SD)),$   (21)

where

$\Pi^n_2(SD) = \Pi^n_1(SD) \cup \Pi_a$   (22)

and $\Pi_a$ is the following set of rules:

1. $h(L, T') \leftarrow h(L, T), not\ h(\bar L, T').$

2. $\leftarrow h(L, T), h(\bar L, T).$

When we refer to a single action description, we will often drop the argument from $\Sigma^n_1(SD)$, $\alpha^n_1(SD)$, $\Pi^n_1(SD)$, $\beta^n(SD)$, $\Pi^n_2(SD)$ in order to simplify the presentation.

For the rest of this section, we will restrict attention to ground programs. In order to keep the notation simple, we will use $\alpha^n_1$, $\alpha^n$ and $\beta^n$ to denote the ground versions of the programs previously defined.

For any action description $SD$, state $\sigma_0$ and action $a_0$, let $\beta^1(SD, \sigma_0, a_0)$ denote

$\beta^1 \cup h(\sigma_0, 0) \cup o(a_0, 0).$   (23)

We will sometimes drop the first argument, and denote the program by $\beta^1(\sigma_0, a_0)$. The following lemma will be helpful in proving the main result of this subsection. It states the correspondence between (single) transitions of the transition diagram and answer sets of the corresponding A-Prolog program.

Lemma 4

Let $SD$ be an action description, $T(SD)$ be the transition diagram it describes, and $\beta^1(\sigma_0, a_0)$ be defined as in (23). Then, $(\sigma_0, a_0, \sigma_1) \in T(SD)$ iff $\sigma_1 = \{l \mid h(l, 1) \in A\}$ for some answer set $A$ of $\beta^1(\sigma_0, a_0)$.

Proof

Let us define

$I = h(\sigma_0, 0) \cup o(a_0, 0)$   (24)

and

Left-to-right. Let us show that, if $(\sigma_0, a_0, \sigma_1) \in T(SD)$,

$A = I \cup h(\sigma_1, 1)$   (25)

is an answer set of $\beta^1(\sigma_0, a_0)$. Notice that $(\sigma_0, a_0, \sigma_1) \in T(SD)$ implies that $\sigma_1$ is a state.

Let us prove that $A$ is the minimal set of atoms closed under the rules of the reduct $\beta^A$. $\beta^A$ contains:

a) the set $I$;

b) all rules in $\alpha^1_1(SD)$ (see (18));

c) a constraint $\leftarrow h(l, t), h(\bar l, t).$ for any fluent literal $l$ and time point $t$;

d) a rule

$h(l, 1) \leftarrow h(l, 0)$

for every fluent literal $l$ such that $h(l, 1) \in A$ (in fact, since $\sigma_1$ is complete and consistent, $h(l, 1) \in A$ iff $h(\bar l, 1) \notin A$).

$A$ is closed under $\beta^A$. We will prove it for every rule of the program.

Rules of groups (a) and (d): obvious.

Rules of group (b) encoding dynamic laws of the form $causes(a, l, [l_1, \ldots, l_m])$:

$h(l, 1) \leftarrow h(l_1, 0), \ldots, h(l_m, 0), o(a, 0).$

If $\{h(l_1, 0), \ldots, h(l_m, 0), o(a, 0)\} \subseteq A$, then, by (25), $\{l_1, \ldots, l_m\} \subseteq \sigma_0$ and $a \in a_0$. Therefore, the preconditions of the dynamic law are satisfied by $\sigma_0$. Hence (6) implies $l \in \sigma_1$. By (25), $h(l, 1) \in A$.

Rules of group (b) encoding static laws of the form $caused(l, [l_1, \ldots, l_m])$:

$h(l, t) \leftarrow h(l_1, t), \ldots, h(l_m, t).$

If $\{h(l_1, t), \ldots, h(l_m, t)\} \subseteq A$, then, by (25), $\{l_1, \ldots, l_m\} \subseteq \sigma_t$, i.e. the preconditions of the static law are satisfied by $\sigma_t$. If $t = 1$, then (6) implies $l \in \sigma_1$. By (25), $h(l, t) \in A$. If $t = 0$, since states are closed under the static laws of $SD$, we have that $l \in \sigma_0$. Again by (25), $h(l, t) \in A$.

Rules of group (b) encoding impossibility laws of the form $impossible\_if(a, [l_1, \ldots, l_m])$:

$\leftarrow h(l_1, 0), \ldots, h(l_m, 0), o(a, 0).$

Since $(\sigma_0, a_0, \sigma_1) \in T(SD)$ by hypothesis, $(\sigma_0, a_0)$ does not satisfy the preconditions of any impossibility condition. Then, either $a \notin a_0$ or $l_i \notin \sigma_0$ for some $i$. By (25), the body of this rule is not satisfied.

Rules of group (c). Since $\sigma_0$ and $\sigma_1$ are consistent by hypothesis, $l$ and $\bar l$ cannot both belong to the same state. By (25), either $h(l, 0) \notin A$ or $h(\bar l, 0) \notin A$, and the same holds for time point 1. Therefore, the body of these rules is never satisfied.

$A$ is the minimal set closed under the rules of $\beta^A$. We will prove this by assuming that there exists a set $B \subseteq A$ such that $B$ is closed under the rules of $\beta^A$, and by showing that $B = A$.

First of all,

$I \subseteq B,$   (26)

since these are facts in $\beta^A$. Let

$\delta = \{l \mid h(l, 1) \in B\}.$   (27)
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Since B C A, 

5 C cTi (28) 

We will show that S — ai hy proving that 

6= CNz{E{af,,ao)Uiair\ao)). (29) 

Dynamic laws. Let d be a dynamic law of SD of the form causes{a, Zq, [^i, ■ ■ • , im]), 
such that a e oq and {li, . . . , /„} C erg. Because of (|26|l . h{{li, . . . , Z„j}, 0) C i? and 
o(a,0) e 5. Since i? is closed under ad{d) (^0)) . /i(/o, 1) £ 5, and k) & S. Therefore, 
-£(00,0-0) ^ (5. 

Inertia . contains a (reduced) inertia rule of the form 

h{l,l) ^ h{l,0). (30) 

for every literal Z G cri. Suppose I G aiClao. Then, h{l, 0) G /, and, since B is closed 
under h{l, 1) G B. Therefore, cti n o-q C 5. 

Static laws . Let s be a static law of SD of the form caused(lo, [li, . . . , Im]), such that 

/i({/i,...,/„},0) C B. (31) 

Since B is closed under ad{s) (|20|l . /i(Zo, 1) £ 5, and /o G (5. Then, S is closed under 
the static laws of SD. 

Summing up, (|29|l holds. From ((HJ and H28() . we obtain cri = (5. Therefore /i(cri, 1) C 
B. 

At this point we have shown that / U h{(Ti, 1) C _B C ^. 

Right-to-left. Let $A$ be an answer set of $P$ such that $\sigma_1 = \{l \mid h(l,1) \in A\}$. We have to show that

$\sigma_1 = CN_Z(E(a_0, \sigma_0) \cup (\sigma_1 \cap \sigma_0)),$ (32)

that $(\sigma_0, a_0)$ respects all impossibility conditions, and that $\sigma_1$ is consistent and complete.

$\sigma_1$ consistent. Obvious, since $A$ is a (consistent) answer set by hypothesis.

$\sigma_1$ complete. By contradiction, let $l$ be a literal s.t. $l \notin \sigma_1$, $\neg l \notin \sigma_1$, and $l \in \sigma_0$ (since $\sigma_0$ is complete by hypothesis, if $l \notin \sigma_0$, we can select $\neg l$ instead). Then, the reduct $P^A$ contains a rule

$h(l,1) \leftarrow h(l,0).$ (33)

Since $A$ is closed under $P^A$, $h(l,1) \in A$ and $l \in \sigma_1$. Contradiction.

Impossibility conditions respected. By contradiction, assume that condition $impossible\_if(a, [l_1, \ldots, l_m])$ is not respected. Then, $h(\{l_1, \ldots, l_m\}, 0) \subseteq A$ and $o(a,0) \in A$. Therefore, the body of the rule encoding the impossibility condition (its $\alpha$-mapping) is satisfied by $A$, and $A$ is not a (consistent) answer set.

(32) holds. Let us prove that $\sigma_1 \supseteq E(a_0, \sigma_0)$. Consider a dynamic law $d$ in $SD$ of the form $causes(a, l_0, [l_1, \ldots, l_m])$, such that $\{l_1, \ldots, l_m\} \subseteq \sigma_0$ and $a \in a_0$. Since $A$ is closed under $ad(d)$ (20), $h(l_0,1) \in A$. Then, $\sigma_1 \supseteq E(a_0, \sigma_0)$.

$\sigma_1 \supseteq \sigma_1 \cap \sigma_0$ is trivially true.

Let us prove that $\sigma_1$ is closed under the static laws of $SD$. Consider a static law $s$, of the form $caused(l_0, [l_1, \ldots, l_m])$, such that $\{l_1, \ldots, l_m\} \subseteq \sigma_1$. Since $A$ is closed under $ad(s)$ (20), $h(l_0, 1) \in A$, i.e. $l_0 \in \sigma_1$.

Let us prove that $\sigma_1$ is the minimal set satisfying all conditions. By contradiction, assume that there exists a set $\delta \subset \sigma_1$ such that $\delta \supseteq E(a_0, \sigma_0) \cup (\sigma_1 \cap \sigma_0)$ and that $\delta$ is closed under the static laws of $SD$. We will prove that this implies that $A$ is not an answer set of $P$.

Let $A'$ be the set obtained by removing from $A$ all atoms $h(l,1)$ such that $l \in \sigma_1 \setminus \delta$. Since $\delta \subset \sigma_1$, $A' \subset A$.

Since $\delta \supseteq E(a_0, \sigma_0) \cup (\sigma_1 \cap \sigma_0)$, for every $l \in \sigma_1 \setminus \delta$ it must be true that $l \notin \sigma_0$ and $l \notin E(a_0, \sigma_0)$, so neither the reduced inertia rule nor any dynamic-law rule with head $h(l,1)$ has its body satisfied. The only remaining rules with head $h(l,1)$ encode static laws $caused(l, [l_1, \ldots, l_m])$ with $\{l_1, \ldots, l_m\} \subseteq \sigma_1$; since $\delta$ is closed under the static laws and $l \notin \delta$, each such law has some $l_i \notin \delta$, i.e. $h(l_i,1) \notin A'$. Hence, $A'$ is closed under the rules of $P^A$. This proves that $A$ is not an answer set of $P$. Contradiction. □

We are now ready to prove the main result of this subsection. The following notation will be used in the theorems that follow. Let $SD$ be an action description, and $M = (\sigma_0, a_0, \sigma_1, \ldots, a_{n-1}, \sigma_n)$ be a sequence where the $\sigma_t$ are sets of fluent literals and the $a_t$ are actions. $o(M)$ denotes

$\bigcup_{t=0}^{n-1} o(a_t, t),$

with $o(a,t)$ from (17). The length of $M$, denoted by $l(M)$, is determined by the number $m$ of elements of $M$.

Given an action description $SD$ and a sequence $M = (\sigma_0, a_0, \sigma_1, \ldots, \sigma_n)$, $\beta_2^n(SD, M)$ denotes the program

$\beta_2^n(SD) \cup h(\sigma_0, 0) \cup o(M).$ (34)

We will use $\beta_2^n(M)$ as short form for $\beta_2^n(SD, M)$.

Lemma 5

Let $SD$ be an action description, $M = (\sigma_0, a_0, \sigma_1, \ldots, a_{n-1}, \sigma_n)$ be a sequence of length $n$, and $\beta_2^n(M)$ be defined as in (34). If $\sigma_0$ is a state, then $M$ is a trajectory of $T(SD)$ iff $M$ is defined by an answer set of $P = \beta_2^n(M)$.

Proof

By induction on $l(M)$.

Base case: $l(M) = 1$. Since $l(M) = 1$, $M$ is the sequence $(\sigma_0, a_0, \sigma_1)$, $o(M) = o(a_0, 0)$ and, since $\sigma_0$ is a state by hypothesis, $P = \beta_2^1(SD, \sigma_0, a_0)$. Then, Lemma 4 can be applied, thus completing the proof for this case.

Inductive step. We assume that the theorem holds for trajectories of length $n - 1$ and prove that it holds for trajectories of length $n$.

$M = (\sigma_0, a_0, \sigma_1, \ldots, a_{n-1}, \sigma_n)$ is a trajectory of $T(SD)$ iff

$(\sigma_0, a_0, \sigma_1) \in T(SD)$, and (35)

$M' = (\sigma_1, a_1, \ldots, a_{n-1}, \sigma_n)$ is a trajectory of $T(SD)$. (36)
Let $R_1$ denote $\beta_2^1(SD, \sigma_0, a_0)$. By Lemma 4, (35) holds iff

$R_1$ has an answer set $A$ such that $\sigma_1 = \{l \mid h(l,1) \in A\}$. (37)

Notice that this implies that $\sigma_1$ is a state. Now, let $R_2$ denote $\beta_2^{n-1}(SD, M')$. By inductive hypothesis, (36) holds iff

$M'$ is defined by an answer set, $B$, of $R_2$. (38)

Let $S$ be the set containing all literals of the form $h(l,0)$, $h(l,1)$ and $o(a,0)$, over the signature of $P$. Let $C$ be the set of the constraints of $R_1$. Notice that:

• $S$ is a splitting set of $P$;

• $bottom_S(P) = R_1 \setminus C$.

Then, (37) holds iff

$A$ is an answer set of $bottom_S(P)$, satisfying $C$, such that $\sigma_1 = \{l \mid h(l,1) \in A\}$. (39)

For any program $R$, let $R^{+1}$ denote the program obtained from $R$ by:

1. replacing, in the rules of $R$, every occurrence of a constant symbol denoting a time point with the constant symbol denoting the next time point;

2. modifying accordingly the signature of $R$.

Then, (38) holds iff

$M'$ is defined by a set $B$ such that $B^{+1}$ is an answer set of $R_2^{+1}$. (40)

Notice that $e_S(P, A) = e_S(P \setminus C, A) \cup e_S(C, A)$, and that $e_S(C, A)$ is empty exactly when no constraint of $C$ is violated by $A$. Therefore, $A$ satisfies $C$ iff $e_S(P, A) = e_S(P \setminus C, A)$. Notice also that $e_S(P \setminus C, A) = e_S(R_2^{+1}, A)$, since the rules of $P \setminus C$ that are not in $R_2^{+1}$ belong to $bottom_S(P)$.

Then, (39) and (40) hold iff

$A$ is an answer set of $bottom_S(P)$ such that $\sigma_1 = \{l \mid h(l,1) \in A\}$, and
$M'$ is defined by $B$, and (41)
$B^{+1}$ is an answer set of $e_S(P, A)$.

By the definition of the path defined by an answer set, (41) holds iff

$A$ is an answer set of $bottom_S(P)$, and
$M$ is defined by $A \cup B^{+1}$, and (42)
$B^{+1}$ is an answer set of $e_S(P, A)$.

By the Splitting Set Theorem, (42) holds iff $M$ is defined by an answer set of $P$. □
12.1.2 Step 2

In this subsection, we extend the previous encoding in order to be able to generate programs whose answer sets describe exactly the paths consistent with a specified recorded history $\Gamma_n$.

Let $\Sigma_2^\alpha(SD)$ denote the signature defined as follows:

• $const(\Sigma_2^\alpha(SD)) = const(\Sigma_2^\beta(SD))$;

• $pred(\Sigma_2^\alpha(SD)) = pred(\Sigma_2^\beta(SD)) \cup \{hpd, obs\}$.

Let

$\alpha_2(SD, \Gamma_n) = (\Pi_2^\alpha(SD, \Gamma_n), \Sigma_2^\alpha(SD)),$ (43)

where

$\Pi_2^\alpha(SD, \Gamma_n) = \Pi_2^\beta(SD) \cup \Pi \cup \Gamma_n.$ (44)

$\Pi_2^\beta(SD)$ is defined as in (22), and $\Pi$ is the set of rules:

3. $o(A, T) \leftarrow hpd(A, T).$

4. $h(L, 0) \leftarrow obs(L, 0).$

5. $\leftarrow obs(L, T),$
   $\quad not\ h(L, T).$

(Notice that these rules are equal to the last 3 rules of the program $\Pi$ defined earlier in the paper.)

When we refer to a single system description, we will often drop argument $SD$ from $\Sigma_2^\alpha(SD)$, $\alpha_2(SD, \Gamma_n)$, $\Pi_2^\alpha(SD, \Gamma_n)$ in order to simplify the presentation.

Notice that, as we did before, in the rest of this section we will restrict attention to ground programs.

Proposition 1

If the initial situation of $\Gamma_n$ is complete, i.e. for any fluent $f$ of $SD$, $\Gamma_n$ contains $obs(f, 0)$ or $obs(\neg f, 0)$, then

$M$ is a model of $\Gamma_n$ (45)

iff

$M$ is defined by some answer set of $\alpha_2(SD, \Gamma_n)$. (46)

Proof

Let $P_0$ be $\alpha_2(SD, \Gamma_n)$, and $P_1$ be obtained from $P_0$ by removing every constraint

$\leftarrow obs(l, t),$
$\quad not\ h(l, t).$ (47)

such that $obs(l, t) \notin \Gamma_n$. Notice that

$P_0 \equiv P_1,$ (48)

hence (46) holds iff

$M$ is defined by some answer set of $P_1$. (49)

Let $Q$ be the set of literals, over the signature of $P_1$, of the form $hpd(A, T)$ and $obs(L, 0)$. Let $q$ be an arbitrary ordering of the elements of $Q$, and $P_2$ be $\tau(P_1, q)$. By the lemma on $\tau$ proven earlier, $P_1 \succ_Q P_2$. Since predicate names $h$ and $o$ are common to the signatures of both $P_1$ and $P_2$, (49) holds iff

$M$ is defined by some answer set of $P_2$. (50)

Let $\sigma_0$ be $\{l \mid obs(l, 0) \in \Gamma_n\}$. It is easy to check that

$rules(P_2) = R \cup C,$

where $R = \beta_2^n \cup h(\sigma_0, 0) \cup \{o(a, t) \mid hpd(a, t) \in \Gamma_n\}$ (see (34)) and $C$ is the set of constraints

$\leftarrow not\ h(l, t).$

such that $obs(l, t) \in \Gamma_n$. Then, (50) holds iff

$M$ is defined by some answer set, $A$, of $R$, and (51)
$A$ satisfies $C$. (52)

Notice that $R = \beta_2^n(M)$.

Since the initial situation of $\Gamma_n$ is complete, $\sigma_0$ is complete. This, together with (51), implies that $\sigma_0$ is closed under the static laws of $SD$, i.e. $\sigma_0$ is a state. Then, Lemma 5 can be applied, obtaining that (51) holds iff

$M$ is a trajectory of $T(SD)$, and
$o(M) = \{o(a, t) \mid hpd(a, t) \in \Gamma_n\}.$ (53)

By construction of $C$, (52) holds iff, if $obs(l, t) \in \Gamma_n$, then $h(l, t) \in A$. According to Lemma 5, $h(l, t) \in A$ iff $l \in \sigma_t$, where the $\sigma_t$ are the states that appear in $M$. Therefore, (52) holds iff

if $obs(l, t) \in \Gamma_n$, then $l \in \sigma_t$. (54)

By the definition of model of a recorded history, (53) and (54) hold iff

$M$ is a model of $\Gamma_n$.

□
12.1.3 Step 3

In this section we prove that models of $\Gamma_n$ are in a one-to-one correspondence with the answer sets of $\alpha(SD, \Gamma_n)$. We will do this by proving that the answer sets of $\alpha_2(SD, \Gamma_n)$ and of $\alpha(SD, \Gamma_n)$ define the same models.

In order to prove this equivalence, we define a new encoding of $\mathcal{AL}$ that will allow us to link $\alpha(SD, \Gamma_n)$ and $\alpha_2(SD, \Gamma_n)$.

Let $SD$ be an action description of $\mathcal{AL}$ and $\Sigma(SD)$ be its signature. For any positive integer $n$, $\Sigma^n(SD)$ denotes the signature obtained as follows:

• $const(\Sigma^n(SD)) = const(\Sigma(SD)) \cup \{0, \ldots, n\} \cup \{1, \ldots, k\}$, where $k$ is the maximum number of preconditions present in the laws of $SD$;

• $pred(\Sigma^n(SD)) = \{h, o, d\_law, s\_law, head, action, prec, all\_h, prec\_h\}$.

Let

$\alpha^n(SD) = (\Pi^\alpha(SD), \Sigma^n(SD)),$ (55)

where

$\Pi^\alpha(SD) = \bigcup_{r \in SD} \alpha(r)$ (56)

and $\alpha(r)$ is defined as earlier in the paper. Finally, let

$\beta^n(SD) = (\Pi^\beta(SD), \Sigma^n(SD)),$ (57)

where

$\Pi^\beta(SD) = \Pi^\alpha(SD) \cup \Pi^-$ (58)

and $\Pi^-$ is the set of rules:

1. $h(L, T') \leftarrow d\_law(D),$
   $\quad head(D, L),$
   $\quad action(D, A),$
   $\quad o(A, T),$
   $\quad prec\_h(D, T).$

2. $h(L, T) \leftarrow s\_law(D),$
   $\quad head(D, L),$
   $\quad prec\_h(D, T).$

3. $all\_h(D, N, T) \leftarrow prec(D, N, nil).$

4. $all\_h(D, N, T) \leftarrow prec(D, N, P),$
   $\quad h(P, T),$
   $\quad all\_h(D, N', T).$

5. $prec\_h(D, T) \leftarrow all\_h(D, 1, T).$

6. $h(L, T') \leftarrow h(L, T),$
   $\quad not\ h(\neg L, T').$

7. $\leftarrow h(L, T), h(\neg L, T).$

(Notice that these rules correspond to rules (1)-(7) of the program $\Pi$ defined earlier in the paper.)

When we refer to a single action description, we will often drop the argument from $\Sigma^n(SD)$, $\alpha^n(SD)$, $\Pi^\alpha(SD)$, $\beta^n(SD)$, $\Pi^\beta(SD)$ in order to simplify the presentation. We will also restrict attention to the ground versions of the programs just defined. For this reason, we will abuse notation slightly and denote by $\alpha^n(SD)$ and $\beta^n(SD)$ the ground versions of the programs defined above.

The following lemma establishes a link between $\beta^n$ and $\beta_2^n$.

Lemma 6

Let $SD$ be an action description, $n$ be a positive integer, and $Q$ denote $lit(\beta^n) \setminus lit(\beta_2^n)$. Then, for any program $R$ such that $lit(R) \cap Q = \emptyset$,

$\beta^n \cup R \succ_Q \beta_2^n \cup R.$

Proof

Let $q$ be an ordering of the elements of $Q$, $P$ be $\beta^n \cup R$, and $P_d$ be $\beta_2^n \cup R$.

Notice that, in $e(P, q)$, the elements of $Q$ only occur in the rules that define them, and that $lit(R) \cap Q = \emptyset$ by hypothesis. Then, by the lemma on $\tau$ proven earlier,

$P \succ_Q \tau(P, q).$ (59)

It can also be easily checked that $\tau(P, q) = P_d$. Hence, (59) can be rewritten as

$P \succ_Q P_d,$

that is,

$\beta^n \cup R \succ_Q \beta_2^n \cup R.$

□

We are finally able to give the proof of Theorem 1.

Theorem 1

If the initial situation of $\Gamma_n$ is complete, i.e. for any fluent $f$ of $SD$, $\Gamma_n$ contains $obs(f, 0)$ or $obs(\neg f, 0)$, then $M$ is a model of $\Gamma_n$ iff $M$ is defined by some answer set of $\alpha(SD, \Gamma_n)$.

Proof

By Proposition 1, $M$ is a model of $\Gamma_n$ iff $M$ is defined by some answer set of $\alpha_2(SD, \Gamma_n)$. Let $P_d$ be $\alpha_2(SD, \Gamma_n)$ and $P$ be $\alpha(SD, \Gamma_n)$. Let $R$ be the part common to both programs, so that $P = \beta^n \cup R$ and $P_d = \beta_2^n \cup R$. Let also $Q$ be $lit(P) \setminus lit(P_d)$. By Lemma 6, $\beta^n \cup R \succ_Q \beta_2^n \cup R$. From this we obtain that $\alpha(SD, \Gamma_n) \succ_Q \alpha_2(SD, \Gamma_n)$. Notice that predicate names $h$ and $o$ are common to the signatures of both $P$ and $P_d$. Then, the thesis follows from the definition of Strong Conservative Extension. □

The following corollary extends Theorem 1 to the case in which the initial situation of $\Gamma_n$ is not complete.
Corollary 2

Let $R$ be

$h(F, 0) \leftarrow not\ h(\neg F, 0).$
$h(\neg F, 0) \leftarrow not\ h(F, 0).$

For any history $\Gamma_n$,

$M$ is a model of $\Gamma_n$ (60)

iff

$M$ is defined by some answer set of $\alpha(SD, \Gamma_n) \cup R$. (61)

Proof

Let $\sigma_0$ be the first component of $M$, and $obs(\sigma_0, 0) = \{obs(l, 0) \mid l \in \sigma_0\}$. First of all, we will show that (61) is equivalent to

$M$ is defined by some answer set of $\alpha(SD, \Gamma_n) \cup obs(\sigma_0, 0)$. (62)

Let $\Pi_1 = \alpha(SD, \Gamma_n) \cup R$ and $\Pi_2 = \alpha(SD, \Gamma_n) \cup obs(\sigma_0, 0)$. Consider a splitting of $\Pi_1$ and $\Pi_2$ based on set

$S = \{obs(l, 0) \mid l \in FL\} \cup \{h(l, 0) \mid l \in FL\}$

where $FL$ is the set of fluent literals of $SD$. Let set $Q$ include:

• the set of ground instances, with $T = 0$, of rules (2)-(5) (we need to consider only the instances where variable $D$ denotes a static law), and (9) from the program $\Pi$ defined earlier in the paper;

• the subset of $\alpha(SD)$ containing those facts occurring in the body of the above rules.

$\Pi_1$ and $\Pi_2$ are split by $S$ so that:

$bottom_S(\Pi_1) = R \cup Q \cup (\Gamma_n \cap S),$ (63)
$bottom_S(\Pi_2) = Q \cup obs(\sigma_0, 0),$ (64)
$top_S(\Pi_1) = top_S(\Pi_2).$ (65)

$bottom_S(\Pi_2)$ has a unique answer set, $A_2$, and $A_2 \cap lit(h) = h(\sigma_0, 0)$. It can be shown that there exists an answer set, $A_1$, of $bottom_S(\Pi_1)$, such that $A_1 \subseteq A_2$. Moreover, for such $A_1$,

$A_1 \setminus lit(obs) = A_2 \setminus lit(obs).$ (66)

Let $Q'$ denote the set of ground instances, with $T = 0$, of rule (10) from the program $\Pi$ defined earlier in the paper. From (65) and (66),

$e_S(\Pi_1 \setminus Q', A_1) = e_S(\Pi_2 \setminus Q', A_2).$ (67)

Since the body of the rules in $Q'$ is never satisfied,

$e_S(\Pi_1, A_1) = e_S(\Pi_2, A_2).$ (68)

Let $B$ be an answer set of $e_S(\Pi_2, A_2)$ and $C_2 = B \cup A_2$. By the Splitting Set Theorem, $C_1 = B \cup A_1$ is an answer set of $\Pi_1$. This implies that (61) is equivalent to (62).

36 M. Balduccini and M. Gelfond

Now we will complete the proof by showing that (62) is equivalent to (60). Since

$\alpha(SD, \Gamma_n) \cup obs(\sigma_0, 0) = \alpha(SD, \Gamma_n \cup obs(\sigma_0, 0)),$

(62) holds iff

$M$ is defined by some answer set of $\alpha(SD, \Gamma_n \cup obs(\sigma_0, 0))$. (69)

By Theorem 1, (69) holds iff

$M$ is a model of $\Gamma_n \cup obs(\sigma_0, 0)$. (70)

By the definition of model of a recorded history, (70) holds iff

$M$ is a model of $\Gamma_n$. (71)

□

12.2 Answer sets of $D_0(S)$ and candidate diagnoses

Theorem 3 establishes a link between answer sets and candidate diagnoses. In this section, we give a proof of this theorem.

Theorem 3

Let $(\Sigma, T, W)$ be a diagnostic domain, $SD$ be a system description of $T$, $S = (\Gamma_n, O^m_n)$ be a symptom of the system's malfunctioning, and $E$ and $\Delta$ be sets of ground atoms.

$(E, \Delta)$ is a candidate diagnosis of $S$ (72)

iff

$(E, \Delta)$ is determined by an answer set of $D_0(S)$. (73)

Proof

By definition of candidate diagnosis, (72) holds iff

there exists a model, $M$, of history $\Gamma_n \cup O^m_n \cup E$ such that
$\Delta = \{c \mid M \models h(ab(c), m)\}$. (74)

By Corollary 2, (74) holds iff

there exists an answer set, $X$, of $P = Conf(S) \cup E$ such that
$\Delta = \{c \mid h(ab(c), m) \in X\}$. (75)

Consider now (73). By the definition of the pair determined by an answer set, (73) holds iff

there exists an answer set, $X'$, of $P' = D_0(S)$ such that
$(E, \Delta)$ is determined by $X'$. (76)

Let

$SP_0 = \{hpd(a, t) \mid hpd(a, t) \in P \text{ and } a \in A_e\},$
$SP = SP_0 \cup \{o(a, t) \mid hpd(a, t) \in SP_0\}.$

$SP$ is a splitting set for both $P$ and $P'$.

By the Splitting Set Theorem, (75) and (76) are, respectively, equivalent to

(a) there exists an answer set, $X_B$, of $bottom_{SP}(P)$ and
(b) there exists an answer set, $Y$, of $e_{SP}(P, X_B)$ (77)
such that $\Delta = \{c \mid h(ab(c), m) \in X_B \cup Y\}$.

(a) there exists an answer set, $X'_B$, of $bottom_{SP}(P')$ and
(b) there exists an answer set, $Y'$, of $e_{SP}(P', X'_B)$ (78)
such that $(E, \Delta)$ is determined by $X'_B \cup Y'$.

We want to prove that (77) and (78) are equivalent. Let

$E_d = \{hpd(a, t) \mid hpd(a, t) \in E \text{ and } hpd(a, t) \notin \Gamma_n\},$

and $Q$ be the set of rules

$o(A, T) \leftarrow hpd(A, T).$

for $A$ and $T$ such that $hpd(A, T) \in E_d$. $bottom_{SP}(P)$ is $E_d \cup Q$ and $bottom_{SP}(P')$ is $DM_0 \cup Q$. Let $B$ and $B'$ be defined as follows:

$H = \{hpd(a, t) \mid hpd(a, t) \in E_d\}$
$B = H \cup \{o(a, t) \mid hpd(a, t) \in H\}$ (79)
$B' = (B \setminus E_d) \cup \{\neg o(a, t) \mid o(a, t) \notin B\}.$

Let us show that (77a) holds iff (78a) holds.

Assume that (77a) holds. It is easy to see that $B$ is the unique answer set of $bottom_{SP}(P)$. If we observe that the answer sets of $bottom_{SP}(P')$ enumerate all possible sequences of exogenous actions, we obtain that $B'$ is an answer set of $bottom_{SP}(P')$. Therefore, (78a) holds.

Now, assume that (78a) holds. As before, $B'$ is an answer set of $bottom_{SP}(P')$. Immediately, we obtain that $B$ is an answer set of $bottom_{SP}(P)$. Therefore, (77a) holds.

Let us now show that $e_{SP}(P, B) = e_{SP}(P', B')$. Notice that $top_{SP}(P) = Conf(S) \setminus Q = top_{SP}(P')$. Let $I = B \cap B'$ and $J = (B \cup B') \setminus I$. Observe that, for every literal $l \in J$, $l$ does not occur in $top_{SP}(P)$. This means that

$e_{SP}(P, B) = e_{SP}(P, I) = e_{SP}(P', I) = e_{SP}(P', B').$ (80)

Let $Z$ denote an answer set of $e_{SP}(P, B)$. By construction of $B$ and $B'$ and from (80),

$\Delta = \{c \mid h(ab(c), n - 1) \in (B \cup Z)\}$ iff $(E, \Delta)$ is determined by $B' \cup Z$.

Hence, (77) and (78) are equivalent. □
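The two correspondences proved above, Lemma 5 (the answer sets of $\beta_2^n(M)$ define exactly the trajectories of $T(SD)$) and Theorem 3 (the answer sets of $D_0(S)$ determine exactly the candidate diagnoses of a symptom), can be checked mechanically on a small instance. The Python script below is an added example and is not code from the paper or from the authors' system. It brute-forces the stable models of a ground program by the reduct definition, grounds rules (1)-(7) of the encoding for a constructed one-relay circuit (fluents `closed`, `on`, `ab(r)`; agent action `close`; exogenous action `break`; an `impossible_if(close, [closed])` condition), and compares the answer-set side of each result with the direct transition-diagram computation. The circuit and its recorded history are constructed for the example; the free choice on exogenous actions is rendered as an even loop on `o`/`no_o` in place of the paper's $DM_0$, the rules $hpd$/$obs$ of the module are instantiated directly as facts and constraints from the history, and $\Delta$ is read off the last time point $n$. All of these are assumptions of the example, not of the paper.

```python
from itertools import product

# A ground rule is (head, pos, neg): head atom (None for a constraint "<- body"),
# atoms of the positive body, atoms under "not". Atoms are tuples such as ('h', 'on', 1).
def stable_models(rules):
    atoms = sorted({x for hd, pos, neg in rules for x in ([hd] if hd else []) + pos + neg})
    found = []
    for bits in product((False, True), repeat=len(atoms)):
        cand = {a for a, b in zip(atoms, bits) if b}
        # Gelfond-Lifschitz reduct: drop rules with "not x" for some x in cand, then drop all nots.
        reduct = [(hd, pos) for hd, pos, neg in rules if not set(neg) & cand]
        lm, changed = set(), True                  # least model of the positive reduct
        while changed and lm is not None:
            changed = False
            for hd, pos in reduct:
                if set(pos) <= lm:
                    if hd is None:                 # a constraint whose body holds: no model
                        lm = None
                        break
                    if hd not in lm:
                        lm.add(hd)
                        changed = True
        if lm == cand:                             # cand is its own least model: stable
            found.append(frozenset(cand))
    return found

def neg(l):  return l[1:] if l.startswith('-') else '-' + l
def h(l, t): return ('h', l, t)
def o(a, t): return ('o', a, t)

def beta(sd, fluents, n):
    """Ground rules (1)-(7) for time points 0..n: dynamic and static laws, impossibility
    conditions, inertia (6) and the consistency constraint (7)."""
    dyn, stat, imp = sd
    rules = []
    for t in range(n + 1):
        rules += [(h(l, t), [h(p, t) for p in pre], []) for l, pre in stat]
        rules += [(None, [h(f, t), h(neg(f), t)], []) for f in fluents]
    for t in range(n):
        rules += [(h(l, t + 1), [h(p, t) for p in pre] + [o(a, t)], []) for a, l, pre in dyn]
        rules += [(None, [h(p, t) for p in pre] + [o(a, t)], []) for a, pre in imp]
        rules += [(h(l, t + 1), [h(l, t)], [h(neg(l), t + 1)]) for f in fluents for l in (f, neg(f))]
    return rules

def states_of(A, n):
    """sigma_0 .. sigma_n read off an answer set A (the path 'defined by' A)."""
    return tuple(frozenset(l for p, l, s in A if p == 'h' and s == t) for t in range(n + 1))

def successors(sd, fluents, s0, a0):
    """Transition-diagram side of Lemma 5: all complete, consistent sigma_1 with
    sigma_1 = CN_Z(E(a_0, sigma_0) | (sigma_1 & sigma_0)); none if a_0 is impossible in sigma_0."""
    dyn, stat, imp = sd
    if any(a in a0 and set(pre) <= s0 for a, pre in imp):
        return []
    effects = {l for a, l, pre in dyn if a in a0 and set(pre) <= s0}
    def cn(lits):                                  # closure under the static laws Z
        lits, changed = set(lits), True
        while changed:
            changed = False
            for l, pre in stat:
                if set(pre) <= lits and l not in lits:
                    lits.add(l)
                    changed = True
        return frozenset(lits)
    return [s1 for bits in product((False, True), repeat=len(fluents))
            for s1 in [frozenset(f if b else neg(f) for f, b in zip(fluents, bits))]
            if s1 == cn(effects | (s1 & s0))]

def candidate_diagnoses(sd, fluents, exo, components, hist, n):
    """D_0-style module: the history's rules plus a free choice on each exogenous action at
    each step (an even loop on o/no_o, an assumption of this example). Returns pairs (E, Delta)."""
    rules = beta(sd, fluents, n)
    rules += [(h(l, 0), [], []) for l in hist['obs0']]              # h(L,0) <- obs(L,0)
    rules += [(o(a, t), [], []) for a, t in hist['hpd']]            # o(A,T) <- hpd(A,T)
    rules += [(None, [], [h(l, t)]) for l, t in hist['obs']]        # <- obs(L,T), not h(L,T)
    for a in exo:
        for t in range(n):
            rules += [(o(a, t), [], [('no_o', a, t)]), (('no_o', a, t), [], [o(a, t)])]
    diags = set()
    for A in stable_models(rules):
        E = frozenset((a, t) for p, a, t in A if p == 'o' and a in exo and (a, t) not in hist['hpd'])
        diags.add((E, frozenset(c for c in components if h(f'ab({c})', n) in A)))
    return diags

# Constructed system: a switch feeds a bulb through relay r; breaking r is exogenous.
FLUENTS = ['closed', 'on', 'ab(r)']
SD = ([('close', 'closed', []), ('break', 'ab(r)', [])],                        # causes(a, l, P)
      [('on', ['closed', '-ab(r)']), ('-on', ['-closed']), ('-on', ['ab(r)'])],  # caused(l, P)
      [('close', ['closed'])])                                                   # impossible_if(a, P)
S0 = frozenset({'-closed', '-on', '-ab(r)'})
HIST = {'obs0': S0, 'hpd': [('close', 0)], 'obs': [('-on', 1)]}   # bulb stayed off: a symptom

def lemma5_check():
    """Answer sets of beta^1 | h(sigma_0,0) | o(a_0,0) define exactly the transitions from sigma_0."""
    prog = beta(SD, FLUENTS, 1) + [(h(l, 0), [], []) for l in S0] + [(o('close', 0), [], [])]
    return {states_of(A, 1)[1] for A in stable_models(prog)}, set(successors(SD, FLUENTS, S0, {'close'}))

if __name__ == '__main__':
    print(lemma5_check(), candidate_diagnoses(SD, FLUENTS, ['break'], ['r'], HIST, 1))
```

Both sides of `lemma5_check` yield the single successor state {closed, on, ¬ab(r)}, and the only candidate diagnosis of the constructed symptom is E = {break at 0}, Δ = {r}: the unbroken relay would have lit the bulb, so the constraint from $obs(\neg on, 1)$ kills every answer set in which `break` is not chosen. Brute-force enumeration is exponential in the number of ground atoms and is meant only to make the two theorems tangible on a toy domain; real instances of these programs are run through an answer set solver.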
12.3 Properties of Diagnostic Module $D_1$

In this subsection, we show that using diagnostic module $D_1$ in place of $D_0$ is safe, i.e. $D_1$ will not miss any useful predictions about the malfunctioning components.

We start by introducing some terminology which is needed in the rest of the subsection.

Definition 12.2

Elementary action $a_e$ is relevant to fluent literal $l$ (written $rel(a_e, l)$), if:

• "$causes(a_e, l, P)$" $\in SD$;

• "$caused(l, [l_1, \ldots, l_m])$" $\in SD$ and $a_e$ is relevant to some $l_i$ from the preconditions of the law;

• "$impossible\_if(a'_e, [l_1, \ldots, l_m])$" $\in SD$, $a'_e$ is relevant to $l$, and $a_e$ is relevant to some $l_i$ from the preconditions of the condition.

An action, $a$, is relevant to set $O$ of fluent literals if every elementary action from $a$ is relevant to some $l \in O$.

Definition 12.3

The set, $rel(O)$, of fluent literals relevant to collection of fluent literals $O$ is defined as follows.

1. $O \subseteq rel(O)$;

2. if "$causes(a_e, l, P)$" $\in SD$, and $l \in rel(O)$, then $P \subseteq rel(O)$;

3. if "$caused(l, P)$" $\in SD$, and $l \in rel(O)$, then $P \subseteq rel(O)$;

4. for every condition "$impossible\_if(a_e, [l_1, \ldots, l_m])$" from $SD$, if $a_e$ is relevant to $O$, then $\{l_1, \ldots, l_m\} \subseteq rel(O)$.

Definition 12.4

States $s_1, s_2$ are called equivalent w.r.t. a set of fluent literals $O$ ($s_1 \sim_O s_2$) if $\forall l \in rel(O)$, $l \in s_1$ iff $l \in s_2$.

Definition 12.5

The rank of a sequence of actions, $\alpha$, w.r.t. a collection of fluent literals, $O$, is the number of elementary actions in $\alpha$ which are not relevant to $O$, and is denoted by $|\alpha|_O$.

Definition 12.6

Sequence of actions $\alpha_2$ is the reduct of $\alpha_1$ w.r.t. $O$ ($\alpha_2 = red_O(\alpha_1)$) if $\alpha_2$ is obtained from $\alpha_1$ by replacing each action $a$ by $a \setminus \{a_e\}$ whenever $a_e$ is an exogenous action from $a$ not relevant to $O$. We say that $\alpha_1$ is equivalent to $\alpha_2$ w.r.t. $O$ ($\alpha_1 \sim_O \alpha_2$) if $\alpha_1 = red_O(\alpha_2)$ or $\alpha_2 = red_O(\alpha_1)$.

Definition 12.7 (Well-defined system description)

Let $T$ be the transition diagram corresponding to system description $SD$. $SD$ is well-defined if, for any state $s$ and action $a$, there is an "$impossible\_if(a, P)$" $\in SD$ with $P \subseteq s$ iff there is no $s'$ such that $(s, a, s') \in T$.

Definition 12.8 (Set of final states)

Let $O$ be a collection of fluent literals. The set of final states w.r.t. $O$ is $F_O = \{s \mid O \subseteq s\}$.

Definition 12.9

A relevant candidate diagnosis of a symptom, $S = (\Gamma_n, O^m_n)$, is a candidate diagnosis, $(E, \Delta)$, of $S$ such that all actions in $E$ are relevant to the observations in $O^m_n$.

In the theorems that follow, we will implicitly consider only well-defined system descriptions. We will also write $(s_0, \alpha, s_1) \in T$ to indicate that transition diagram $T$ contains a path from state $s_0$ to state $s_1$ whose arcs are labeled by the actions of the sequence of compound actions $\alpha$.

Lemma 7

Let $O$ be a collection of fluent literals, $s_0, s'_0$ be states such that $s_0 \sim_O s'_0$, and $\alpha$ be a sequence of actions s.t. every action of $\alpha$ is relevant to $O$. If $(s_0, \alpha, s_1) \in T$, then there exists $s'_1$ such that

1. $(s'_0, \alpha, s'_1) \in T$;

2. $s'_1 \sim_O s_1$.

Lemma 8

Let $O$ be a collection of fluent literals, and $e, a_1, \ldots, a_k$ be elementary actions. If $e$ is not relevant to $O$ and $(s_0, \{e, a_1, \ldots, a_k\}, s_1) \in T$, then there exists $s'_1$ such that

1. $(s_0, \{a_1, \ldots, a_k\}, s'_1) \in T$;

2. $s_1 \sim_O s'_1$.

Theorem 4

Let $SD$ be a system description and $O$ be a collection of fluent literals. For every path $(s_0, \alpha, s_f)$ from $T(SD)$ and every state $s'_0 \sim_O s_0$ there is a path $(s'_0, \alpha', s'_f)$ such that:

$\alpha \sim_O \alpha'$, $|\alpha'|_O = 0$; (81)

$s'_f \sim_O s_f$. (82)

Proof

By induction on the rank of $\alpha$ w.r.t. $O$, $|\alpha|_O$. In the rest of this proof, we will use $T$ to denote $T(SD)$.

Base case: $|\alpha|_O = 0$. By Lemma 7 there exists a path $(s'_0, \alpha, s'_f) \in T$ such that $s'_f \sim_O s_f$, so (81) and (82) hold with $\alpha' = \alpha$.

Inductive step: since $|\alpha|_O > 0$, at least one elementary action irrelevant to $O$ occurs in $\alpha$. Hence, there exist states $s_k, s_{k+1}$, elementary actions $e_1, \ldots, e_m$, and (possibly empty) sequences of actions $\alpha_1, \alpha_2$ such that:

1. all actions in $\alpha_1$ are relevant to $O$, and $(s_0, \alpha_1, s_k) \in T$;

2. $e_1$ is not relevant to $O$;

3. $(s_k, \{e_1, \ldots, e_m\}, s_{k+1}) \in T$;

4. $(s_{k+1}, \alpha_2, s_f) \in T$.

First we show that there exists $s'_{k+1}$ such that

$(s'_0, \alpha_1 \{e_2, \ldots, e_m\}, s'_{k+1}) \in T$ (83)

and $s'_{k+1} \sim_O s_{k+1}$.

Let $s'_0$ be a state such that $s'_0 \sim_O s_0$. From condition (1) and the inductive hypothesis, it follows that there exists $s'_k \sim_O s_k$ such that

$(s'_0, \alpha_1, s'_k) \in T.$ (84)

Next, we notice that, by conditions (2), (3) and Lemma 8, there exists $s''_{k+1}$ such that $s''_{k+1} \sim_O s_{k+1}$ and $(s_k, \{e_2, \ldots, e_m\}, s''_{k+1}) \in T$. By inductive hypothesis, there exists $s'_{k+1}$ such that $s'_{k+1} \sim_O s''_{k+1}$ and

$(s'_k, \{e_2, \ldots, e_m\}, s'_{k+1}) \in T.$ (85)

Since relation $\sim_O$ is transitive,

$s_{k+1} \sim_O s'_{k+1}.$ (86)

Hence, (83) is proven.

Notice that, by construction, $|\alpha_2|_O < |\alpha|_O$. By condition (4), equation (86), and the inductive hypothesis, we obtain that there exist $s''_f$ and $\alpha'_2$ such that $s''_f \sim_O s_f$, $\alpha_2 \sim_O \alpha'_2$, $|\alpha'_2|_O = 0$, and

$(s'_{k+1}, \alpha'_2, s''_f) \in T.$ (87)

Let $\gamma$ be the sequence consisting of $\alpha_1$, $\{e_2, \ldots, e_m\}$ and $\alpha'_2$. From (84)-(87), it follows that

$(s'_0, \gamma, s''_f) \in T.$

By the inductive hypothesis there exists a path $(s'_0, \alpha', s'_f) \in T$ such that $\alpha' \sim_O \gamma$ and $s'_f \sim_O s''_f$. (81) and (82) follow immediately from the transitivity of relation $\sim_O$. □



The following theorem shows that, if only relevant candidate diagnoses are computed, no useful prediction about the system's malfunctioning is missed.

Theorem 5

Let $(\Sigma, T, W)$ be a diagnostic domain, $SD$ be a system description of $T$, and $S = (\Gamma_n, O)$ be a symptom of the system's malfunctioning. For every candidate diagnosis $D = (E, \Delta)$ of $S$ there exists a relevant candidate diagnosis $D_r = (E_r, \Delta_r)$ such that $E_r = red_O(E)$.

Proof

First, let us prove that $D_r$ is a candidate diagnosis. By definition of candidate diagnosis (Definition 3.1), $E$ describes one or more paths in the transition diagram, whose final state, $s_f$, is consistent with $O$. By Theorem 4, $E_r$ describes paths whose final state, $s'_f$, is equivalent to $s_f$ w.r.t. $O$. Hence, $s'_f$ is consistent with $O$, as well, and therefore $D_r$ is a candidate diagnosis.

The fact that $D_r$ is a relevant candidate diagnosis follows directly from Definition 12.9. □

The next theorem proves that diagnostic module $D_1(S)$ generates all relevant candidate diagnoses of $S$.

Theorem 6

Let $(\Sigma, T, W)$ be a diagnostic domain, and $SD$ be a system description of $T$. For every symptom of the system's malfunctioning, $S = (\Gamma_n, O^m_n)$, diagnostic module $D_1(S)$ computes all relevant candidate diagnoses of $S$.

Proof

(Sketch.) By Theorem 3, $D_0(S)$ computes all candidate diagnoses of $S$. $D_1(S)$ essentially consists in the addition of a constraint. This constraint makes the module reject exactly those candidate diagnoses which are not relevant to the observations in $O^m_n$, and leaves every other answer set of $D_0(S)$ untouched. Hence, all candidate diagnoses returned by $D_1(S)$ are relevant to $S$, and every relevant candidate diagnosis of $S$ is returned. □



12.4 Properties of Find_Diag

The properties of Find_Diag are described by Theorem 2. In order to prove the theorem, we prove separately the termination of the algorithm and its correctness.

Lemma 9

Let $(\Sigma, T, W)$ be a diagnostic domain, $SD$ be a system description of $T$, and $S = (\Gamma_n, O_n)$ be a symptom of the system's malfunctioning. Then, $Find\_Diag(S)$ terminates.

Proof

Recall that $\Sigma = (C, F, A)$. Let us prove by induction that the following is an invariant of the repeat ... until loop:

"at the beginning of the $i$-th iteration of the loop, there is a set $M \subseteq C$ such that
(a) $|M| = i - 1$
(b) $\forall c \in M$, $obs(\neg ab(c), m) \in O$." (89)

Base case: $i = 1$. Trivially satisfied by $M = \emptyset$.

Inductive step. Assume that (89) holds for $i$ and prove that it holds for $i + 1$. Let $M = \{c_1, \ldots, c_{i-1}\}$ be the set satisfying (89) for $i$. Since the loop was not exited after the last iteration, we can conclude that, during iteration $i$, a component $c$ was found, such that $observe(m, ab(c)) = \neg ab(c)$ and $c$ was hypothesized faulty in the candidate diagnosis computed by $Candidate\_Diag$. Under these conditions, the else branch inside the while loop adds $obs(\neg ab(c), m)$ to $O$. Notice that, by definition of candidate diagnosis, this literal did not previously belong to $O$, which implies $c \notin M$. Then $M \cup \{c\}$ satisfies (89) for $i + 1$.

To complete the proof we show that the algorithm performs at most $|C| + 1$ iterations of the repeat ... until loop. Suppose it is at the beginning of iteration $|C| + 1$. From the invariant, we obtain that

$\forall c \in C$, $obs(\neg ab(c), m) \in O$. (90)

Definition 3.1 implies that $(\Gamma_n, O)$ has no candidate diagnosis. The next call to $Candidate\_Diag$ returns $(\emptyset, \emptyset)$ and the algorithm terminates immediately. □

Lemma 10

Let $SD$ be defined as above, $S_0 = (\Gamma_n, O^m_n)$ be a symptom of the system's malfunctioning, and $(E, \Delta) = Find\_Diag(S)$, where the value of variable $S$ is set to $S_0$. If $\Delta \neq \emptyset$, then

$(E, \Delta)$ is a diagnosis of $S_0$;

otherwise, $S_0$ has no diagnosis.

Proof

Let us show that, if $\Delta = \emptyset$, $S_0$ has no diagnosis. By definition of candidate diagnosis and Theorem 3, $Candidate\_Diag$ returns $\Delta = \emptyset$ only if $S_0$ has no diagnosis. The proof is completed by observing that, if $Candidate\_Diag$ returns $\Delta = \emptyset$, the function terminates immediately, and returns $(E, \Delta)$.

Let us now assume that $\Delta \neq \emptyset$. We have to show that

1. $(E, \Delta)$ is a candidate diagnosis of $S_0$, and

2. all the components in $\Delta$ are faulty.

Let $O^i$ ($i \geq 1$) denote the value of variable $O$ at the beginning of the $i$-th iteration of the repeat ... until loop of $Find\_Diag$. Notice that $O^1$ is equal to the initial value of $O_n$. By Lemma 9, the algorithm terminates. Let $u$ denote the index of the last iteration of the repeat ... until loop.

Since $\Delta \neq \emptyset$, by Theorem 3 and by the fact that $(E, \Delta)$ is not updated by the while loop,

$(E, \Delta)$ is a candidate diagnosis of $(\Gamma_n, O^u)$.

We want to show that this implies statement 1. By the definition of candidate diagnosis,

there exists a model, $M$, of $\Gamma_n \cup O^u \cup E$ such that
$\Delta = \{c \mid M \models h(ab(c), m)\}$. (91)

Let $M$ denote one such model. From Corollary 2, (91) holds iff

there exists an answer set, $AS$, of $P = \alpha(SD, \Gamma_n \cup O^u \cup E) \cup R$ such that
$\Delta = \{c \mid h(ab(c), m) \in AS\}$. (92)

Let $A^u$ denote one such answer set.

Since $S_0$ is a symptom, $n > 0$. Notice that $O' = O^u \setminus O^1$ is a set of observations made at time $n$. Let $C$ denote the set of constraints of $P$ of the form

$\leftarrow obs(l, t),$
$\quad not\ h(l, t).$ (93)

where $obs(l, t) \in O'$; these constraints correspond to rule (10) of the program $\Pi$ defined earlier in the paper. Let also $Q$ denote $P \setminus C$.

By the properties of the answer set semantics, (92) holds iff

$A^u$ is an answer set of $Q$, $A^u$ does not violate $C$, and
$\Delta = \{c \mid h(ab(c), m) \in A^u\}$. (94)

Notice that $O'$ is a splitting set for $Q$, and $bottom_{O'}(Q) = O'$. Since no literal of $O'$ occurs in $top_{O'}(Q)$, $e_{O'}(Q, O') = Q \setminus O'$. Let $R'$ denote $Q \setminus O'$. By the Splitting Set Theorem, $A^u$ is an answer set of $Q$ iff $A^u \setminus O'$ is an answer set of $R'$.

Let $A^1$ denote $A^u \setminus O'$. Observe that the literals of $O'$ occur, within $P$, only in the constraints of $C$, and that they never occur under negation as failure. Therefore, if $A^u$ does not violate $C$, then $A^1$ does not violate $C$, either. Hence, (94) implies that

$A^1$ is an answer set of $R'$, $A^1$ does not violate $C$, and
$\Delta = \{c \mid h(ab(c), m) \in A^1\}$. (95)

By the properties of the answer set semantics, (95) holds iff

$A^1$ is an answer set of $R' \cup C$, and
$\Delta = \{c \mid h(ab(c), m) \in A^1\}$. (96)

Since $R' = Q \setminus O'$,

$R' \cup C = (Q \setminus O') \cup C = P \setminus O' = \alpha(SD, \Gamma_n \cup O^1 \cup E) \cup R.$

Hence (96) can be rewritten as:

$A^1$ is an answer set of $\alpha(SD, \Gamma_n \cup O^1 \cup E) \cup R$, and
$\Delta = \{c \mid h(ab(c), m) \in A^1\}$. (97)

From Corollary 2, (97) holds iff

there exists a model, $M$, of $\Gamma_n \cup O^1 \cup E$ such that
$\Delta = \{c \mid M \models h(ab(c), n - 1)\}$. (98)

By the definition of candidate diagnosis,

$(E, \Delta)$ is a candidate diagnosis of $S_0$.

To prove statement 2, notice that $\Delta$ is the result of the latest call to $Candidate\_Diag$. Since, by hypothesis, $\Delta \neq \emptyset$, the value of variable $diag$ at the end of the final iteration of the repeat ... until loop must have been true. In turn, this implies that, in the same iteration, the while loop terminated with $\Delta_0 = \emptyset$ and $diag = true$. Therefore all the components in $\Delta$ are faulty and, by definition of diagnosis,

$(E, \Delta)$ is a diagnosis of $S_0$.

□
Theorem 2

Let $(\Sigma, T, W)$ be a diagnostic domain, $SD$ be a system description of $T$, and $S = (\Gamma_n, O^m_n)$ be a symptom of the system's malfunctioning. Then,

1. $Find\_Diag(S)$ terminates;

2. Let $(E, \Delta) = Find\_Diag(S)$, where the value of variable $S$ is set to $S_0$. If $\Delta \neq \emptyset$, then

$(E, \Delta)$ is a diagnosis of $S_0$;

otherwise, $S_0$ has no diagnosis.

Proof

Statement 1 is proven by applying Lemma 9. Statement 2 is proven by applying Lemma 10. □